You could submit the module as a PR and we can see about accepting it since it looks like you already wrote it. We'd just be missing docs and it looks like the module might need a couple of changes.
Summary
This exploit module abuses the mishandling of the JSON password-reset request in Strapi CMS version 3.0.0-beta.17.4 to change the password of a privileged user.
Basic example
POC: https://wackyhacker.github.io/vulnearabilities/CVE-2019-18818/
Exploit-db: https://www.exploit-db.com/exploits/50716
Motivation
This module was created for industry professionals and pentesters to test the security of their web applications and determine whether to upgrade to a newer version in order to fix the flaw. It supports any web application that uses Strapi CMS and is expected to perform a password reset on a privileged user.