bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
exploit-db-mirror/exploits/php/webapps/49174.txt
Offensive Security 0ffa4d35c4 DB: 2020-12-03 
32 changes to exploits/shellcodes

aSc TimeTables 2021.6.2 - Denial of Service (PoC)
IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path
Microsoft Windows - Win32k Elevation of Privilege
Ksix Zigbee Devices - Playback Protection Bypass (PoC)
Mitel mitel-cs018 - Call Data Information Disclosure
Expense Management System - 'description' Stored Cross Site Scripting
ILIAS Learning Management System 4.3 - SSRF
Pharmacy Store Management System 1.0 - 'id' SQL Injection
Under Construction Page with CPanel 1.0 - SQL injection
EgavilanMedia User Registration & Login System with Admin Panel 1.0 - CSRF
Student Result Management System 1.0 - Authentication Bypass SQL Injection
EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Stored Cross Site Scripting
WonderCMS 3.1.3 - Authenticated SSRF to Remote Remote Code Execution
WonderCMS 3.1.3 - Authenticated Remote Code Execution
PRTG Network Monitor 20.4.63.1412 - 'maps' Stored XSS
Online Voting System Project in PHP - 'username' Persistent Cross-Site Scripting
NewsLister - Authenticated Persistent Cross-Site Scripting
Bakeshop Online Ordering System 1.0 - 'Owner' Persistent Cross-site scripting
Online News Portal System 1.0 - 'Title' Stored Cross Site Scripting
Local Service Search Engine Management System 1.0 - SQLi Authentication Bypass
WonderCMS 3.1.3 - 'Menu' Persistent Cross-Site Scripting
Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Add Artwork
Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile
DotCMS 20.11 - Stored Cross-Site Scripting
WebDamn User Registration & Login System with User Panel - SQLi Auth Bypass
ChurchCRM 4.2.0 - CSV/Formula Injection
ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)
Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality
Anuko Time Tracker 1.19.23.5311 - Password Reset leading to Account Takeover
Simple College Website 1.0 - 'page' Local File Inclusion
Car Rental Management System 1.0 - SQL Injection / Local File include
WordPress Plugin Wp-FileManager 6.8 - RCE
2020-12-03 05:01:56 +00:00

20 lines
No EOL
1 KiB
Text
Raw Blame History

#Exploit Title: Anuko Time Tracker 1.19.23.5311 - Password Reset Vulnerability leading to Account Takeover
#Date: 2020-11-11
#Exploit Author: Mufaddal Masalawala
#Vendor Homepage: https://www.anuko.com/
#Software Link: https://www.anuko.com/time-tracker/index.htm
#Version: 1.19.23.5311
#Tested on: Kali Linux 2020.3
#CVE: CVE-2020-27422
#Proof Of Concept:
In Anuko Time Tracker v1.19.23.5311 and prior, the password reset link
emailed to the user doesn't expire once used, hence the attacker could use
the same link to take over the victim's account. An Attacker needs to have
the link for successful exploitation. A malicious user could use the same
password reset link of the victim multiple times to take over the account.
To exploit this vulnerability:
1. Goto 'Password Reset' module and enter any user's login name
2. Reset the password using the password reset link received in the email
3. Use the same link again after resetting the password once
4. Password is changed again using the previously used link.
Reference in a new issue View git blame Copy permalink