bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/multiple/webapps/51930.txt
Exploit-DB e791587e41 DB: 2024-03-29 
10 changes to exploits/shellcodes/ghdb

RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service

Siklu MultiHaul TG series < 2.0.0 - unauthenticated credential disclosure

Dell Security Management Server <1.9.0 - Local Privilege Escalation

Asterisk AMI - Partial File Content & Path Disclosure (Authenticated)

Broken Access Control - on NodeBB v3.6.7

liveSite Version 2019.1 - Remote Code Execution

Purei CMS 1.0 - SQL Injection

Workout Journal App 1.0 - Stored XSS

WinRAR version 6.22 - Remote Code Execution via ZIP archive
2024-03-29 00:16:30 +00:00

37 lines
No EOL
1.3 KiB
Text
Raw Blame History

Exploit Title: Broken Access Control - on NodeBB v3.6.7
Date: 22/2/2024
Exploit Author: Vibhor Sharma
Vendor Homepage: https://nodebb.org/
Version: 3.6.7
Description:
I identified a broken access control vulnerability in nodeBB v3.6.7,
enabling attackers to access restricted information intended solely
for administrators. Specifically, this data is accessible only to
admins and not regular users. Through testing, I discovered that when
a user accesses the group section of the application and intercepts
the response for the corresponding request, certain attributes are
provided in the JSON response. By manipulating these attributes, a
user can gain access to tabs restricted to administrators. Upon
reporting this issue, it was duly acknowledged and promptly resolved
by the developers.
Steps To Reproduce:
1) User with the least previlages needs to neviagte to the group section.
2) Intercept the response for the group requets.
3) In the response modify the certian paramters : "
*"system":0,"private":0,"isMember":true,"isPending":true,"isInvited":true,"isOwner":true,"isAdmin":true,
**" *".
4) Forward the request and we can see that attacker can access the
restricted information.
*Impact:*
Attacker was able to access the restricted tabs for the Admin group
which are only allowed the the administrators.
Reference in a new issue View git blame Copy permalink