diff --git a/CVE-2020-13405/README.md b/CVE-2020-13405/README.md index 5b260c0..cdb6e80 100644 --- a/CVE-2020-13405/README.md +++ b/CVE-2020-13405/README.md @@ -1,18 +1,18 @@ -# CVE-2020-13405: MicroWeber Unauthenticated User Database Disclosure - -## Information -**Description:** An information disclosure vulnerability exists in MicroWeber that allows an unauthenticated user to obtain the users database. -**Versions Affected:** MicroWeber 1.1.19 And Below -**Researcher:** Hunter Stanton (https://twitter.com/hun10sta) -**Disclosure Link:** https://rhinosecuritylabs.com/research/microweber-database-disclosure/ -**NIST CVE Link:** https://nvd.nist.gov/vuln/detail/CVE-2020-13405 - -## Proof-of-Concept Exploit -### Description -It is possible to run PHP scripts included with MicroWeber by submitting a POST request to the /module endpoint. One of these PHP scripts, */userfiles/modules/users/controller.php*, causes MicroWeber to print the contents of the users database. By submitting a POST request with *module=users/controller* in the body of the request, it is possible to obtain the contents of the users database as an unauthenticated user. - -### Usage/Exploitation -On a local webserver, host CVE-2020-13405.html and open it in a web browser. Then, enter the URL of the /module endpoint in the "MicroWeber Modules URL" field and click the "Attempt Exploit" button. - -### Screenshot -![The users database being disclosed by CVE-2020-13405.](poc_image.png) +# CVE-2020-13405: MicroWeber Unauthenticated User Database Disclosure + +## Information +**Description:** An information disclosure vulnerability exists in MicroWeber that allows an unauthenticated user to obtain the users database. +**Versions Affected:** MicroWeber 1.1.19 And Below +**Researcher:** Hunter Stanton (https://twitter.com/hun10sta) +**Disclosure Link:** https://rhinosecuritylabs.com/research/microweber-database-disclosure/ +**NIST CVE Link:** https://nvd.nist.gov/vuln/detail/CVE-2020-13405 + +## Proof-of-Concept Exploit +### Description +It is possible to run PHP scripts included with MicroWeber by submitting a POST request to the /module endpoint. One of these PHP scripts, */userfiles/modules/users/controller.php*, causes MicroWeber to print the contents of the users database. By submitting a POST request with *module=users/controller* in the body of the request, it is possible to obtain the contents of the users database as an unauthenticated user. + +### Usage/Exploitation +On a local webserver, host CVE-2020-13405.html and open it in a web browser. Then, enter the URL of the /module endpoint in the "MicroWeber Modules URL" field and click the "Attempt Exploit" button. + +### Screenshot +![The users database being disclosed by CVE-2020-13405.](poc_image.png)