[description]
An issue was discovered in MK-AUTH 19.01. The web login functionality
allows an attacker to bypass authentication and gain client privileges
via SQL injection in central/executar_login.php.
------------------------------------------
[Additional Information]
The script central/executar_login.php had poor SQL query construction
that, if manipulated, results in gaining access without a password.
------------------------------------------
[Vulnerability Type]
Incorrect Access Control
------------------------------------------
[Vendor of Product]
mk-auth
------------------------------------------
[Affected Product Code Base]
mk-auth - 19.1
------------------------------------------
[Affected Component]
mk-auth web client login scripts
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[CVE Impact Other]
Get client access, get logged in as client
------------------------------------------
[Attack Vectors]
One must only send a well-crafted HTTP request
------------------------------------------
[Discoverer]
Merhawi Solomon Gebrekidan (nitusan)
------------------------------------------
[Reference]
http://mk-auth.com.br/page/changelog-1
Use CVE-2020-14068.
[description]
An issue was discovered in MK-AUTH 19.01.
There are SQL injection issues in mkt/ PHP scripts, as demonstrated by
arp.php, dhcp.php, hotspot.php, ip.php, pgaviso.php,
pgcorte.php, pppoe.php, queues.php, and wifi.php.
------------------------------------------
[Additional Information]
mkt/arp.php, mkt/dhcp.php, mkt/hotspot.php, mkt/ip.php, mkt/pgaviso.php,
mkt/pgcorte.php, mkt/pppoe.php, mkt/queues.php, mkt/wifi.php and many
more endpoints directly append user-controlled data to SQL queries
and execute them.
------------------------------------------
[Vulnerability Type]
SQL Injection
------------------------------------------
[Vendor of Product]
mk-auth
------------------------------------------
[Affected Product Code Base]
mk-auth - 19.1
------------------------------------------
[Affected Component]
Multiple endpoints are vulnerable to SQLi because of shared code
------------------------------------------
[Attack Type]
Physical
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Impact Denial of Service]
true
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
A well-crafted HTTP request
------------------------------------------
[Discoverer]
Merhawi Solomon Gebrekidan (nitusan)
------------------------------------------
[Reference]
http://mk-auth.com.br/page/changelog-1
Use CVE-2020-14069.
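
The query-construction flaw reported in CVE-2020-14068 and CVE-2020-14069 is closed by binding user input as parameters instead of appending it to the SQL text. The following is an added example, not MK-AUTH code and not the reporter's: the table, column and function names are hypothetical, and an in-memory SQLite database stands in for the real one.

```php
<?php
// Added example: hypothetical schema and function, not MK-AUTH code.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE clients (login TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

// Constructed sample account; only a password hash is stored.
$ins = $db->prepare('INSERT INTO clients (login, pw_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Login check with a bound parameter. The login value travels separately
 * from the SQL text, so quotes or SQL keywords in it are compared as data
 * and cannot change the structure of the query. The password never enters
 * the query at all; it is verified in PHP against the stored hash.
 */
function check_login(PDO $db, string $login, string $password): bool
{
    // Cheap sanity limits before touching the database.
    if ($login === '' || strlen($login) > 64 || $password === '') {
        return false;
    }
    $stmt = $db->prepare('SELECT pw_hash FROM clients WHERE login = :login');
    $stmt->execute([':login' => $login]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return false; // no such account
    }
    return password_verify($password, (string) $hash);
}

// Constructed inputs: valid credentials, a login containing a quote
// character, and an empty password.
$cases = [
    ['alice', 'correct horse'],
    ["ali'ce", 'anything'],
    ['alice', ''],
];
foreach ($cases as [$login, $password]) {
    printf("%-10s => %s\n", $login, check_login($db, $login, $password) ? 'accepted' : 'denied');
}
```

The same pattern applies to every endpoint that shares the query-building code: one prepared statement per query, with no request value concatenated into the SQL string.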
[description]
An issue was discovered in MK-AUTH 19.01.
There is authentication bypass in the web login functionality
because guessable credentials to admin/executar_login.php result in
admin access.
------------------------------------------
[Additional Information]
The script admin/executar_login.php has a hard-coded user and a poor
password generation practice that can be easily replicated and accessed.
------------------------------------------
[Vulnerability Type]
Incorrect Access Control
------------------------------------------
[Vendor of Product]
mk-auth
------------------------------------------
[Affected Product Code Base]
mk-auth - 19.1
------------------------------------------
[Affected Component]
mk-auth web admin login scripts
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[CVE Impact Other]
Gain admin access, get logged in as admin
------------------------------------------
[Attack Vectors]
One must only send a well-crafted HTTP request
------------------------------------------
[Discoverer]
Merhawi Solomon Gebrekidan (nitusan)
------------------------------------------
[Reference]
http://mk-auth.com.br/page/changelog-1
Use CVE-2020-14070.
[description]
An issue was discovered in MK-AUTH 19.01.
XSS vulnerabilities in admin and client scripts allow an
attacker to execute arbitrary JavaScript code.
------------------------------------------
[Additional Information]
Multiple endpoints take user-controlled inputs and directly reflect them
back to the user without sanitization, resulting in a cross-site scripting
vulnerability.
------------------------------------------
[Vulnerability Type]
Cross Site Scripting (XSS)
------------------------------------------
[Vendor of Product]
mk-auth
------------------------------------------
[Affected Product Code Base]
mk-auth - 19.1
------------------------------------------
[Affected Component]
multiple admin and client scripts
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[CVE Impact Other]
xss can be used for a mu
------------------------------------------
[Attack Vectors]
A well-crafted HTTP request
------------------------------------------
[Discoverer]
Merhawi Solomon Gebrekidan (nitusan)
------------------------------------------
[Reference]
http://mk-auth.com.br/page/changelog-1
Use CVE-2020-14071.
[description]
An issue was discovered in MK-AUTH 19.01.
It allows command execution as root via shell metacharacters to /auth
admin scripts.
------------------------------------------
[Additional Information]
Multiple scripts inside the /auth path take user-controlled parameters
and append them to commands that eventually get executed using
shell_exec and exec, which results in remote root command execution.
------------------------------------------
[VulnerabilityType Other]
Shell Metacharacter Injection
------------------------------------------
[Vendor of Product]
mk-auth
------------------------------------------
[Affected Product Code Base]
mk-auth - 19.1
------------------------------------------
[Affected Component]
Multiple endpoints in the /admin directory (path) are vulnerable to
command execution
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Attack Vectors]
A well-crafted HTTP request
------------------------------------------
[Discoverer]
Merhawi Solomon Gebrekidan (nitusan)
------------------------------------------
[Reference]
http://mk-auth.com.br/page/changelog-1
Use CVE-2020-14072.
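
The shell_exec/exec pattern reported in CVE-2020-14072 is avoided by validating the parameter against an allow-list and running the program without a shell. The following is an added example, not MK-AUTH code and not the reporter's: the ping use case and both function names are hypothetical, and the array form of proc_open() requires PHP 7.4 or later.

```php
<?php
// Added example: hypothetical helpers, not MK-AUTH code.
declare(strict_types=1);

/**
 * Turn a user-supplied address into an argv array, or null if it is not
 * acceptable. The check is an allow-list (the value must parse as an IPv4
 * or IPv6 address), not a block-list of shell metacharacters.
 */
function ping_argv(string $host): ?array
{
    if (filter_var($host, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    return ['ping', '-c', '1', $host];
}

/**
 * Run argv without a shell. Given an array, proc_open() executes the
 * program directly, so each element arrives as exactly one argument and
 * characters such as ; | & $ ` are never interpreted.
 */
function run_argv(array $argv): ?string
{
    $spec = [1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']];
    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        return null;
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return $out === false ? null : $out;
}

// Constructed inputs: two valid addresses, one value carrying a shell
// metacharacter, and one hostname (rejected because only IPs are allowed).
foreach (['192.0.2.10', '2001:db8::1', '192.0.2.10; true', 'router-1'] as $input) {
    $argv = ping_argv($input);
    printf("%-18s %s\n", $input, $argv === null ? 'rejected' : 'accepted');
    // In a real handler: if ($argv !== null) { $output = run_argv($argv); }
}
```

Because the advisory reports execution as root, the process that runs such commands should also hold only the privileges the command needs.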