Ahmedvienna12D78294-1723-4450-A239-023952666102Language Dropdown Menu Manipulation
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
3.3 Low
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
MULTIPLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:M/C:N/I:P/A:N
0.0005 Low
EPSS
Percentile
13.1%
Hello
It is possible to manipulate the Language Dropdown Menu and change it to anything the attacker wants.
Process of the Vulnerability:
- Login
- Go Miscellaneous -> Email & file templates
- Add Template -> Change & Save and intercept the Request
- Change the Language to anything you want
Lets see :)
As you can see there are specific Languages nobody can select anything else.
Lets put HACKED inside it :)
The language is now HACKED lets see
AS you can see the language is now HACKED and it got accepted even if we have a Dropdown Menu
with specific Languages to choose from
Thank you for watching :)
Best regards
Ahmed Hassan
Related
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
3.3 Low
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
MULTIPLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:M/C:N/I:P/A:N
0.0005 Low
EPSS
Percentile
13.1%