Bookwyrm v0.4.3 – Authentication Bypass

  • Author: Akshay Ravi
    Date: 2022-09-20
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/51013/
  • # Exploit Title: Bookwyrm v0.4.3 - Authentication Bypass
    # Date: 2022-08-04
    # Exploit Author: Akshay Ravi
    # Vendor Homepage: https://github.com/bookwyrm-social/bookwyrm
    # Software Link: https://github.com/bookwyrm-social/bookwyrm/releases/tag/v0.4.3
    # Version: <= 0.4.3
    # Tested on: MacOS Monterey
    # CVE: CVE-2022-2651
    # Original Report Link: https://huntr.dev/bounties/428eee94-f1a0-45d0-9e25-318641115550/
    
    Description: Email verification bypass leading to account takeover in bookwyrm-social/bookwyrm v0.4.3. The email-confirmation endpoint applies no rate limiting or attempt lockout, so the confirmation code (OTP) can be brute-forced, and an account registered with a victim's email address can be confirmed and taken over by the attacker.
    
    # Steps to reproduce:
    
    1. Register an account using the victim's email address.
    2. After registration, the application asks for confirmation of the email address by entering the one-time code (OTP) sent to that address.
       Endpoint: https://site/confirm-email
    3. Submit arbitrary codes to this endpoint repeatedly. Because the endpoint enforces no rate limit or attempt lockout, the code can be brute-forced; once a guess matches, the email is marked confirmed and the account is under the attacker's control.
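    As an added example (not the advisory's steps and not Bookwyrm's code), the following Python model shows why the missing rate limit is the whole problem: a constructed confirm-email check that accepts unlimited guesses falls to plain enumeration of the keyspace, while the same check with a per-account attempt cap locks long before a short code can be found. The 4-digit numeric code, the cap of 5 attempts, the `ConfirmEmailEndpoint` class and the `brute_force` helper are assumptions for illustration; the advisory does not state the format of Bookwyrm's confirmation code or how the issue was fixed.

```python
import hmac
import secrets
from typing import Optional, Tuple


class ConfirmEmailEndpoint:
    """Constructed model of an email-confirmation endpoint (not Bookwyrm's code).

    max_attempts=None reproduces the vulnerable state described in the advisory:
    every guess is checked and nothing counts failures. A numeric cap models a
    fix: after that many wrong guesses the confirmation is locked and a fresh
    code would have to be issued out of band.
    """

    def __init__(self, code: str, max_attempts: Optional[int] = None):
        self._code = code
        self.max_attempts = max_attempts
        self.failed_attempts = 0
        self.locked = False
        self.confirmed = False

    def confirm(self, guess: str) -> str:
        """Return 'confirmed', 'invalid' or 'locked' for one submitted code."""
        if self.locked:
            return "locked"
        # Constant-time comparison so response timing leaks nothing about the code.
        if hmac.compare_digest(self._code.encode(), guess.encode()):
            self.confirmed = True
            return "confirmed"
        self.failed_attempts += 1
        if self.max_attempts is not None and self.failed_attempts >= self.max_attempts:
            self.locked = True
        return "invalid"


def random_numeric_code(digits: int = 4) -> str:
    """Issue a short numeric OTP (assumed format) from a CSPRNG."""
    return f"{secrets.randbelow(10 ** digits):0{digits}d}"


def brute_force(endpoint: ConfirmEmailEndpoint, digits: int = 4) -> Tuple[Optional[str], int]:
    """Enumerate every digits-long code against the endpoint, like step 3 above.

    Returns (code, guesses_sent); code is None when the endpoint locked us out
    or the keyspace was exhausted without a match.
    """
    guesses = 0
    for n in range(10 ** digits):
        guess = f"{n:0{digits}d}"
        guesses += 1
        result = endpoint.confirm(guess)
        if result == "confirmed":
            return guess, guesses
        if result == "locked":
            return None, guesses
    return None, guesses


if __name__ == "__main__":
    code = "7321"  # constructed sample code; a real one would come from random_numeric_code()
    vulnerable = ConfirmEmailEndpoint(code)  # no attempt cap, as in the advisory
    print("no rate limit:", brute_force(vulnerable))
    hardened = ConfirmEmailEndpoint(code, max_attempts=5)
    print("5-attempt cap:", brute_force(hardened), "locked =", hardened.locked)
```

    With no cap the enumeration succeeds after 7322 requests, which is trivial over HTTP; with a cap of 5 the sixth request is refused and the account stays unconfirmed. In a real Django deployment the counter would live in a shared cache keyed per account and source address rather than in the object, and a long random token (for example `secrets.token_urlsafe`) would make the keyspace unenumerable regardless of rate limiting.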