header-logo
Suggest Exploit
vendor:
RedaxScript
by:
Shyamkumar Somana
7.5
CVSS
HIGH
Privilege Escalation
264
CWE
Product Name: RedaxScript
Affected Version From: 2.1.2000
Affected Version To: 2.1.2000
Patch Exists: YES
Related CWE: N/A
CPE: a:redaxmedia:redaxscript:2.1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 8
2014

Privilege Escalation in RedaxScript 2.1.0

RedaxScript 2.1.0 suffers from a privilege Escalation vulnerability. The issue occurs because the application fails to properly implement access controls. The application also fails to perform proper sanity checks on the user supplied input before processing it. These two flaws led to a vertical privilege escalation. This can be achieved by a simply tampering the parameter values. An attacker can exploit this issue to gain elevated privileges to the application.

Mitigation:

The vulnerability was addressed in the following commit: https://github.com/redaxmedia/redaxscript/commit/bfe146f98aedb9d169ae092b49991ed1b3bc0860?diff=unified
Source

Exploit-DB raw data:

​​​# Exploit Title: Privilege Escalation in RedaxScript 2.1.0
# Date: 11-05-2014
# Exploit Author: shyamkumar somana
# Vendor Homepage: http://redaxscript.com/
# Version: 2.1.0
# Tested on: Windows 8

#Privilege Escalation in RedaxScript 2.1.0


 RedaxScript 2.1.0 suffers from a privilege Escalation vulnerability. The
issue occurs because the application fails to properly implement access
controls. The application also fails to perform proper sanity checks on the
user supplied input before processing it.  These two flaws led to a
vertical privilege escalation. This can be achieved by a simply tampering
the parameter values. An attacker can exploit this issue to gain elevated
privileges to the application.

*Steps to reproduce the instance:*

·         login as a non admin user

·         Go to account and update the account.

·         intercept the request and add “*groups[]=1*” to the post data and
submit the request

·         Log out of the application and log in again. You can now browse
the application with admin privileges.

This vulnerability was addressed in the following commit.

https://github.com/redaxmedia/redaxscript/commit/bfe146f98aedb9d169ae092b49991ed1b3bc0860?diff=unified


*Timeline*:

09-26-2014:         Issue identified

09-27-2014:         Discussion with the vendor

10-27-2014:         Issue confirmed

11-05-2014:         Patch released.




Author:                                Shyamkumar Somana
Vendor Homepage:        http://redaxscript.com/download
Version:                               2.1.0
Tested on:                          Windows 7

-- 

  [image: --]
shyam kumar
[image: http://]about.me/shyamkumar.somana
     <http://about.me/shyamkumar.somana?promo=email_sig>

Shyamkumar Somana | +91 89513 38625 | twitter.com/0xshyam |
in.linkedin.com/in/sshyamkumar/ |

Navigation

Suggest Exploit

Services By CQR