Microweber CMS 1.2.15 Account Takeover
Microweber CMS versions 1.2.15 and below suffer from an account takeover vulnerability.
# Exploit Title: Microweber CMS 1.2.15 - Account Takeover
# Date: 2022-05-09
# Exploit Author: Manojkumar J
# Vendor Homepage: https://github.com/microweber/microweber
# Software Link: https://github.com/microweber/microweber/releases/tag/v1.2.15
# Version: <=1.2.15
# Tested on: Windows10
# CVE : CVE-2022-1631

# Description:
Microweber Drag and Drop Website Builder E-commerce CMS v1.2.15 OAuth misconfiguration leads to account takeover.

# Steps to exploit:
1. Create an account with the victim's email address.
   Register endpoint: https://target-website.com/register#
2. When the victim later logs in through one of the default OAuth providers (Google, GitHub, Microsoft, Twitter, LinkedIn, Telegram, Facebook, etc.) with that same e-mail address, the login lands in the account we created in step 1, so we can take over the victim's account with the login credentials we chose.
Related news
Users Account Pre-Takeover or Users Account Takeover in GitHub repository microweber/microweber prior to 1.2.15. Victim account takeover: since there is no email confirmation, an attacker can easily create an account in the application using the victim's email. This gives the attacker pre-authentication to the victim's account. Further, because the email coming from Social Login is not properly validated and the application fails to check whether an account already exists, the victim will not notice that an account already exists, so the attacker's persistence remains. The attacker is able to see all the activities performed by the victim user (impacting confidentiality) and can attempt to modify or corrupt data (impacting integrity and availability). This attack becomes more interesting when an attacker can register an account from an employee's email address; assuming the organization uses G-Suite, hijacking an employee's account is much more impactful.
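Both the exploit steps above and the CVE description describe the same root cause: local registration does not verify the e-mail address, and the OAuth callback uses the e-mail address alone to decide which local account a social login lands in. The model below is an added example written for this page, not Microweber's code; the `UserStore`, `User`, handler names and the scenario in `demo()` are all constructed. It places the vulnerable linking pattern beside a hardened one that keys on the provider's stable subject identifier and only auto-links by e-mail when both the local account and the identity provider have verified that address.

```python
"""Model of the OAuth account-linking flaw behind CVE-2022-1631.

Illustrative code, not Microweber's. A user store with a local sign-up flow
and two OAuth callback handlers: the vulnerable handler links a provider
identity to whatever local account already holds the e-mail address, even
one registered without confirming the address; the hardened handler treats
e-mail as a linking key only when both sides have proven control of it.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


class LinkError(Exception):
    """Raised when an OAuth identity cannot safely be linked to a local account."""


@dataclass
class User:
    email: str
    password_hash: Optional[str]                       # None for OAuth-only accounts
    email_verified: bool
    identities: Set[str] = field(default_factory=set)  # entries of the form "provider:subject"


class UserStore:
    """Constructed in-memory store standing in for the application's user table."""

    def __init__(self) -> None:
        self.by_email: Dict[str, User] = {}

    def register(self, email: str, password_hash: str, verified: bool = False) -> User:
        """Local sign-up. Without a confirmation step the address stays unverified."""
        email = email.lower()
        if email in self.by_email:
            raise ValueError("e-mail already registered")
        user = User(email, password_hash, verified)
        self.by_email[email] = user
        return user

    def find_by_email(self, email: str) -> Optional[User]:
        return self.by_email.get(email.lower())

    def find_by_identity(self, provider: str, subject: str) -> Optional[User]:
        key = f"{provider}:{subject}"
        return next((u for u in self.by_email.values() if key in u.identities), None)

    def create_from_oauth(self, provider: str, subject: str, email: str) -> User:
        user = User(email.lower(), None, True, {f"{provider}:{subject}"})
        self.by_email[user.email] = user
        return user


def oauth_login_vulnerable(store: UserStore, provider: str, subject: str, email: str) -> User:
    """Vulnerable pattern: the e-mail claim alone decides which account the login lands in."""
    user = store.find_by_email(email)
    if user is None:
        user = store.create_from_oauth(provider, subject, email)
    user.identities.add(f"{provider}:{subject}")
    return user


def oauth_login_hardened(store: UserStore, provider: str, subject: str,
                         email: str, provider_verified_email: bool) -> User:
    """Hardened pattern: look up by the stable (provider, subject) pair first, and
    auto-link on e-mail only when the local account AND the provider verified it."""
    user = store.find_by_identity(provider, subject)
    if user is not None:
        return user
    existing = store.find_by_email(email)
    if existing is None:
        if not provider_verified_email:
            raise LinkError("provider has not verified the address; refusing to create account")
        return store.create_from_oauth(provider, subject, email)
    if not (existing.email_verified and provider_verified_email):
        raise LinkError("e-mail collision with an unverified account; explicit linking required")
    existing.identities.add(f"{provider}:{subject}")
    return existing


def demo() -> Dict[str, str]:
    """Constructed scenario: an attacker pre-registers the victim's address without
    confirming it, then the victim signs in through an OAuth provider."""
    results: Dict[str, str] = {}
    for handler in ("vulnerable", "hardened"):
        store = UserStore()
        planted = store.register("victim@example.com", "hash-of-attacker-chosen-password")
        try:
            if handler == "vulnerable":
                landed = oauth_login_vulnerable(store, "google", "sub-1234", "victim@example.com")
            else:
                landed = oauth_login_hardened(store, "google", "sub-1234", "victim@example.com", True)
            results[handler] = "attacker-controlled" if landed is planted else "separate"
        except LinkError as exc:
            results[handler] = f"refused: {exc}"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The vulnerable handler sends the victim's social login straight into the account whose password the attacker chose; the hardened handler refuses the collision and would instead require the user to sign in with the existing credentials before linking the identity. On subsequent logins the hardened path matches on the provider's subject identifier, so a later change of e-mail address at the provider cannot be used to re-run the collision.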