Auxiliary module of CVE-2019-18818 #16168
Labels
suggestion-module
New module suggestions
Comments
|
You could submit the module as a PR and we can see about accepting it since it looks like you already wrote it. We'd just be missing docs and it looks like the module might need a couple of changes. |
|
If you provide instructions on getting this version to run in docker, i'll work on making the module framework compliant |
|
sorry, @WackyHacker on that last comment. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary
This exploit module abuses mishandling of password reset in JSON for Strapi CMS version 3.0.0-beta.17.4 to change the password of a privileged user.
Basic example
POC: https://wackyhacker.github.io/vulnearabilities/CVE-2019-18818/
Exploit-db: https://www.exploit-db.com/exploits/50716
Motivation
This module was created for industry professionals and pentesters to test the security of their web applications and determine whether to upgrade to a newer version in order to fix the flaw. It supports any web application that uses Strapi CMS and is expected to perform a password reset on a privileged user.
The text was updated successfully, but these errors were encountered: