forked from RhinoSecurityLabs/CVEs
Commit ccc6226 (1 parent: c027583). Showing 1 changed file with 18 additions and 18 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,18 +1,18 @@ | ||
# CVE-2020-13405: MicroWeber Unauthenticated User Database Disclosure | ||
|
||
## Information | ||
**Description:** An information disclosure vulnerability exists in MicroWeber that allows an unauthenticated user to obtain the users database. | ||
**Versions Affected:** MicroWeber 1.1.19 And Below | ||
**Researcher:** Hunter Stanton (https://twitter.com/hun10sta) | ||
**Disclosure Link:** https://rhinosecuritylabs.com/research/microweber-database-disclosure/ | ||
**NIST CVE Link:** https://nvd.nist.gov/vuln/detail/CVE-2020-13405 | ||
|
||
## Proof-of-Concept Exploit | ||
### Description | ||
It is possible to run PHP scripts included with MicroWeber by submitting a POST request to the /module endpoint. One of these PHP scripts, */userfiles/modules/users/controller.php*, causes MicroWeber to print the contents of the users database. By submitting a POST request with *module=users/controller* in the body of the request, it is possible to obtain the contents of the users database as an unauthenticated user. | ||
|
||
### Usage/Exploitation | ||
On a local webserver, host CVE-2020-13405.html and open it in a web browser. Then, enter the URL of the /module endpoint in the "MicroWeber Modules URL" field and click the "Attempt Exploit" button. | ||
|
||
### Screenshot | ||
![The users database being disclosed by CVE-2020-13405.](poc_image.png) | ||
# CVE-2020-13405: MicroWeber Unauthenticated User Database Disclosure | ||
|
||
## Information | ||
**Description:** An information disclosure vulnerability exists in MicroWeber that allows an unauthenticated user to obtain the users database. | ||
**Versions Affected:** MicroWeber 1.1.19 And Below | ||
**Researcher:** Hunter Stanton (https://twitter.com/hun10sta) | ||
**Disclosure Link:** https://rhinosecuritylabs.com/research/microweber-database-disclosure/ | ||
**NIST CVE Link:** https://nvd.nist.gov/vuln/detail/CVE-2020-13405 | ||
|
||
## Proof-of-Concept Exploit | ||
### Description | ||
It is possible to run PHP scripts included with MicroWeber by submitting a POST request to the /module endpoint. One of these PHP scripts, */userfiles/modules/users/controller.php*, causes MicroWeber to print the contents of the users database. By submitting a POST request with *module=users/controller* in the body of the request, it is possible to obtain the contents of the users database as an unauthenticated user. | ||
|
||
### Usage/Exploitation | ||
On a local webserver, host CVE-2020-13405.html and open it in a web browser. Then, enter the URL of the /module endpoint in the "MicroWeber Modules URL" field and click the "Attempt Exploit" button. | ||
|
||
### Screenshot | ||
![The users database being disclosed by CVE-2020-13405.](poc_image.png) |
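Review bot: the old and new sides of this hunk render as identical text, yet the commit records 18 additions and 18 deletions and the page warns that the file contains bidirectional Unicode text, so the actual change is invisible in this view and should not be accepted from the rendered diff alone. Open the file in an editor that reveals hidden characters, or inspect it at the byte level (for example `git diff --word-diff-regex=.` or `git show ccc6226 | cat -A`), to confirm whether this is only a line-ending or whitespace normalization or whether non-printing characters were introduced; a "no visible change" edit to a README is exactly the case where hidden text needs to be ruled out. If it is a line-ending change, say so in the commit message and consider a `.gitattributes` entry (`* text=auto`) so the whole-file churn does not recur.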