terça-feira, 16 de novembro de 2021

KONGA 0.14.9 - Privilege Escalation (Exploit) ("Won CVE-2021-44103!")

Report Vulnerability

Product: KONGA 
Model:  0.14.9 
Vulnerability: Privilege Escalation
Impact: Full admin access (v
ertical privilege escalation)

Authentication: required 

Exploit Author: Fabricio Salomao (@_SOl0m0n) / Paulo Trindade (@paulotrindadec)


PoC


Bellow has created a normal user called "usernormal" without privilege.







Through of request bellow was changed the flag "FALSE" in the parameter "admin" to "TRUE".



Therefore was created an exploit for us : https://www.exploit-db.com/exploits/50521



After running the exploit, the privilege escalation was a success!

Result:







Nenhum comentário:

Postar um comentário