- Visit the CWP Control Panlel url :
- Enter a valid username and any email address (here the attacker will put his email id) Capture the request in Burp Suite
Click Forward
In the next intercept, change the value "0" to "1"
fir3storm
fir3storm
/ gist:c8a013d1231c22e22835566609620afd
Created
May 19, 2023 14:10
Zero-Day Vulnerability Identified in Credence Analytics - iDEAL - Wealth and Funds - V1.0
View gist:c8a013d1231c22e22835566609620afd
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [description] | |
| SQL injection in "/Framewrk/Home.jsp" file (POST method) in "tCredence" allows authenticated remote attackers to inject payload via "v" parameter. | |
| ------------------------------------------ | |
| [Vulnerability Type] | |
| SQL Injection | |
| ------------------------------------------ |
fir3storm
/ CWE Control Panel - Password Recovery Bypass.md
Created
September 14, 2023 17:40
CWP Web Control Panel "Recover Password" component bypass
View CWE Control Panel - Password Recovery Bypass.md