huntr N1k1x86 591B11E1-7504-4A96-99C6-08F2B419E767
History: May 08, 2022 - 10:05 a.m.

Authentication Bypass Using an Alternate Path or Channel

2022-05-08 10:05:30
n1k1x86
www.huntr.dev
16

EPSS: 0.001 (Low), percentile 41.2%

Steps to reproduce

  1. Log into the Administrator account.
  2. Navigate to the User section.
  3. Create a new user named testUser with the password 12345678.
  4. Navigate to the Groups section and create a new group named testGroup.
  5. Give the "manage:group" permission to testGroup and assign testUser to the group.
  6. Log into the testUser account and navigate to Groups -> Permissions.
  7. Click Update Group and intercept the request with the Burp Suite interceptor.
  8. Change "permissions":["manage:groups"] to "permissions":["manage:system"].
  9. Log in again and observe that we can manage the system.
  10. This cannot be done via the GUI.
  11. Video PoC: https://youtu.be/yd0uFCwEBiE
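
The server-side check whose absence the steps above demonstrate, shown beside the trusting pattern. This is an added example, not code from the original report or the affected project. The function names, object shapes and the rule that a caller may only add permissions they already hold are assumptions.

```javascript
// Added example: names and policy are assumptions, not the affected project's code.
const SUPERUSER = 'manage:system';

// Trusting pattern consistent with the report: once the caller may edit groups,
// the "permissions" array from the request body is stored as-is.
function updateGroupUnsafe(actor, group, body) {
  if (!actor.permissions.includes('manage:groups')) {
    return { ok: false, error: 'forbidden' };
  }
  return { ok: true, group: { ...group, permissions: body.permissions } };
}

// Hardened pattern: the caller may only ADD permissions they already hold.
// Permissions already on the group may stay, so a delegated group manager can
// still edit other fields without being able to escalate the group.
function updateGroupSafe(actor, group, body) {
  const held = new Set(actor.permissions);
  if (!held.has('manage:groups') && !held.has(SUPERUSER)) {
    return { ok: false, error: 'forbidden' };
  }
  if (!Array.isArray(body.permissions) ||
      !body.permissions.every((p) => typeof p === 'string')) {
    return { ok: false, error: 'invalid permissions' };
  }
  const existing = new Set(group.permissions);
  // A holder of manage:system may grant anything; everyone else is checked.
  const escalated = held.has(SUPERUSER)
    ? []
    : body.permissions.filter((p) => !existing.has(p) && !held.has(p));
  if (escalated.length > 0) {
    return { ok: false, error: 'escalation', escalated };
  }
  const permissions = [...new Set(body.permissions)];
  return { ok: true, group: { ...group, permissions } };
}

// Constructed sample data mirroring the report's steps.
const testUser = { name: 'testUser', permissions: ['manage:groups'] };
const testGroup = { name: 'testGroup', permissions: ['manage:groups'] };
const tampered = { permissions: ['manage:system'] }; // body after step 8
```

Logging the rejected `escalated` list together with the caller's identity gives a detection signal for tampered group updates, because the GUI never sends such a request.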
