
# Exploit Title: Bookwyrm v0.4.3 - Authentication Bypass
# Date: 2022-08-04
# Exploit Author: Akshay Ravi
# Vendor Homepage: https://github.com/bookwyrm-social/bookwyrm
# Software Link: https://github.com/bookwyrm-social/bookwyrm/releases/tag/v0.4.3
# Version: <= 0.4.3
# Tested on: macOS Monterey
# CVE: CVE-2022-2651
# Original Report Link: https://huntr.dev/bounties/428eee94-f1a0-45d0-9e25-318641115550/

Description: Email verification bypass leading to account takeover in bookwyrm-social/bookwyrm v0.4.3. The email-confirmation OTP endpoint has no rate-limit protection, so the OTP can be guessed exhaustively.

# Steps to reproduce:

1. Create an account using the victim's email address.

2. Once the account is created, the application asks for email confirmation by validating an OTP.

Endpoint: https://site/confirm-email

3. Submit any OTP and brute-force the endpoint. Because no rate limit or attempt budget is enforced, the guess that matches confirms the account, and the attacker now controls an account bound to the victim's email address.
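The three steps above describe an unbounded guess loop against the confirmation endpoint. The following offline simulation, written for this page and not taken from the Bookwyrm code base, replays that loop against a stand-in endpoint with no attempt limit and then against a hardened version that rotates the code after a few failures. The 6-digit numeric OTP format, the MAX_ATTEMPTS value and all function and class names are assumptions made for the example; the advisory only says an OTP is validated at /confirm-email.

```python
"""Offline simulation of the OTP brute force behind CVE-2022-2651.

Example code added to this page; it is not Bookwyrm's implementation.
Assumptions (not stated in the advisory): the confirmation code is a
6-digit numeric OTP, and the hardened endpoint allows MAX_ATTEMPTS wrong
guesses per code before invalidating it.
"""
import hmac
import secrets

OTP_DIGITS = 6      # assumed code format: "000000" .. "999999"
MAX_ATTEMPTS = 5    # hardened endpoint: wrong guesses tolerated per code


class PendingAccount:
    """One unconfirmed registration, bound to the (victim's) email address."""

    def __init__(self, email):
        self.email = email
        self.confirmed = False
        self.failed_attempts = 0
        self.code = self.new_code()

    @staticmethod
    def new_code():
        # Constructed stand-in for the server-side OTP generator.
        return f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"


def confirm_email_vulnerable(account, submitted):
    """Step 2 endpoint as described in the advisory: unlimited guesses."""
    if submitted == account.code:
        account.confirmed = True
        return True
    return False


def confirm_email_hardened(account, submitted):
    """Same endpoint with a per-code attempt budget.

    After MAX_ATTEMPTS wrong guesses the code is rotated and further
    submissions are refused until a fresh code is sent, so the attacker's
    remaining guesses target a value they have no information about.
    hmac.compare_digest keeps the comparison constant-time.
    """
    if account.failed_attempts >= MAX_ATTEMPTS:
        return False
    if hmac.compare_digest(submitted.encode(), account.code.encode()):
        account.confirmed = True
        account.failed_attempts = 0
        return True
    account.failed_attempts += 1
    if account.failed_attempts >= MAX_ATTEMPTS:
        account.code = PendingAccount.new_code()   # invalidate the old code
    return False


def brute_force(account, endpoint, max_guesses=10 ** OTP_DIGITS):
    """Step 3: walk the OTP space until the endpoint accepts a guess.

    Returns (code_found_or_None, number_of_requests_sent).
    """
    for guess in range(max_guesses):
        candidate = f"{guess:0{OTP_DIGITS}d}"
        if endpoint(account, candidate):
            return candidate, guess + 1
    return None, max_guesses


if __name__ == "__main__":
    victim = PendingAccount("victim@example.com")     # constructed sample
    found, sent = brute_force(victim, confirm_email_vulnerable)
    print(f"vulnerable: code {found} recovered after {sent} requests")

    victim = PendingAccount("victim@example.com")
    found, sent = brute_force(victim, confirm_email_hardened)
    print(f"hardened:   found={found}, confirmed={victim.confirmed}")
```

Against the vulnerable endpoint the loop always terminates with the account confirmed; against the hardened one it is cut off after MAX_ATTEMPTS requests and never confirms. In a real Django deployment the attempt counter belongs on the user row or in the cache so it survives across workers, and a view-level rate limit plus a long random token instead of a short OTP removes the guessing attack altogether.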