Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrGaurav-g258918962-CCB5-47F9-BB43-FFD8CAE1EF24
HistoryMay 09, 2022 - 10:04 a.m.

Account Takeover

2022-05-0910:04:26
gaurav-g2
www.huntr.dev
12

0.002 Low

EPSS

Percentile

57.2%

JSON

Description

Hi there i found that forget password functionality can be manipulated and this lead to account takeover. So even if an attacker can takeover low access user to admin accounts. In this bug server is vulnerable to php type juggling attack

Proof of Concept

  1. While registering app for first use set DB password starting with “0e” and then random characters in it. so You can add any password starting with 0e
  2. Goto forget password section and add username as admin and new password as “newpass”
  3. Add 0 in database password
  4. Send request and login with new password
  5. Successfully changed password

Reference :-https://medium.com/swlh/php-type-juggling-vulnerabilities-3e28c4ed5c09

Related

prion 1
nvd 1
veracode 1
osv 2
cvelist 1
github 1
cve 1
prion
prion
Code injection
2022-05-13 17:15:00
nvd
nvd
CVE-2022-1715
2022-05-13 17:15:07
veracode
veracode
Privilege Escalation
2022-05-17 10:05:24
osv
osv
Account takeover in facturascripts
2022-05-14 00:01:07
CVE-2022-1715
2022-05-13 17:15:07
cvelist
cvelist
CVE-2022-1715 Account Takeover in neorazorx/facturascripts
2022-05-13 17:10:10
github
github
Account takeover in facturascripts
2022-05-14 00:01:07
cve
cve
CVE-2022-1715
2022-05-13 17:15:07

0.002 Low

EPSS

Percentile

57.2%

JSON
Related for 58918962-CCB5-47F9-BB43-FFD8CAE1EF24
prion1nvd1veracode1osv2cvelist1github1cve1