Last active
January 5, 2024 13:28
[description]
An issue was discovered in MK-AUTH 19.01. The web login functionality
allows an attacker to bypass authentication and gain client privileges
via SQL injection in central/executar_login.php.
------------------------------------------
[Additional Information]
The script central/executar_login.php had poor SQL query construction
that, if manipulated, results in gaining access without a password.
------------------------------------------
[Vulnerability Type]
Incorrect Access Control
------------------------------------------
[Vendor of Product]
mk-auth
------------------------------------------
[Affected Product Code Base]
mk-auth - 19.1
------------------------------------------
[Affected Component]
mk-auth web client login scripts
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[CVE Impact Other]
Get client access, get logged in as client
------------------------------------------
[Attack Vectors]
One must only send a well-crafted HTTP request
------------------------------------------
[Discoverer]
Merhawi Solomon Gebrekidan (nitusan)
------------------------------------------
[Reference]
http://mk-auth.com.br/page/changelog-1
Use CVE-2020-14068.

[description]
An issue was discovered in MK-AUTH 19.01.
There are SQL injection issues in mkt/ PHP scripts, as demonstrated by
arp.php, dhcp.php, hotspot.php, ip.php, pgaviso.php,
pgcorte.php, pppoe.php, queues.php, and wifi.php.
------------------------------------------
[Additional Information]
mkt/arp.php, mkt/dhcp.php, mkt/hotspot.php, mkt/ip.php, mkt/pgaviso.php,
mkt/pgcorte.php, mkt/pppoe.php, mkt/queues.php, mkt/wifi.php and many
more endpoints directly append user-controlled data into SQL queries
and execute them.
------------------------------------------
[Vulnerability Type]
SQL Injection
------------------------------------------
[Vendor of Product]
mk-auth
------------------------------------------
[Affected Product Code Base]
mk-auth - 19.1
------------------------------------------
[Affected Component]
Multiple endpoints are vulnerable to SQLi because of shared code
------------------------------------------
[Attack Type]
Physical
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Impact Denial of Service]
true
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
A well-crafted HTTP request
------------------------------------------
[Discoverer]
Merhawi Solomon Gebrekidan (nitusan)
------------------------------------------
[Reference]
http://mk-auth.com.br/page/changelog-1
Use CVE-2020-14069.

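The two SQL injection entries above (CVE-2020-14068 and CVE-2020-14069) both describe user-controlled data appended to SQL text. The following is an added example, not MK-AUTH code and not from the advisory author: it contrasts that pattern with a bound-parameter login check, using a constructed in-memory SQLite table. Table, column and function names are hypothetical, and it assumes PHP 8 with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Constructed data: in-memory SQLite table standing in for a client table.
// Table, column and function names are hypothetical, not MK-AUTH's.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE clients (login TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
$pdo->prepare('INSERT INTO clients VALUES (?, ?)')
    ->execute(["o'brien", password_hash('tide pool', PASSWORD_DEFAULT)]);

// Pattern the advisory describes: request data appended to the SQL text.
// Any quote in $login is parsed as SQL syntax instead of as data.
function lookup_concat(PDO $pdo, string $login): ?string
{
    $sql = "SELECT pass_hash FROM clients WHERE login = '" . $login . "'";
    $hash = $pdo->query($sql)->fetchColumn();
    return is_string($hash) ? $hash : null;
}

// Hardened form: constant SQL text, input bound as a parameter, and the
// password compared outside SQL against a stored hash.
function authenticate(PDO $pdo, string $login, string $password): bool
{
    $stmt = $pdo->prepare('SELECT pass_hash FROM clients WHERE login = :login');
    $stmt->execute([':login' => $login]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

$login = "o'brien"; // constructed input: a legitimate value containing a quote
try {
    lookup_concat($pdo, $login);
    echo "concatenated: query ran\n";
} catch (PDOException $e) {
    echo "concatenated: input altered the statement (" . $e->getMessage() . ")\n";
}
var_dump(authenticate($pdo, $login, 'tide pool'));
var_dump(authenticate($pdo, $login, 'not the password'));
```

Because the advisory attributes the mkt/ findings to shared code, the bound-parameter change belongs in that shared query helper rather than in each endpoint separately.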
[description]
An issue was discovered in MK-AUTH 19.01.
There is authentication bypass in the web login functionality
because guessable credentials to admin/executar_login.php result in
admin access.
------------------------------------------
[Additional Information]
The script admin/executar_login.php has a hard-coded user and a poor
password generation practice that can be easily replicated and accessed.
------------------------------------------
[Vulnerability Type]
Incorrect Access Control
------------------------------------------
[Vendor of Product]
mk-auth
------------------------------------------
[Affected Product Code Base]
mk-auth - 19.1
------------------------------------------
[Affected Component]
mk-auth web admin login scripts
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[CVE Impact Other]
Gain admin access, get logged in as admin
------------------------------------------
[Attack Vectors]
One must only send a well-crafted HTTP request
------------------------------------------
[Discoverer]
Merhawi Solomon Gebrekidan (nitusan)
------------------------------------------
[Reference]
http://mk-auth.com.br/page/changelog-1
Use CVE-2020-14070.

[description]
An issue was discovered in MK-AUTH 19.01.
XSS vulnerabilities in admin and client scripts allow an
attacker to execute arbitrary JavaScript code.
------------------------------------------
[Additional Information]
Multiple endpoints take user-controlled inputs and directly reflect them
back to the user without sanitization, resulting in a cross-site scripting
vulnerability.
------------------------------------------
[Vulnerability Type]
Cross Site Scripting (XSS)
------------------------------------------
[Vendor of Product]
mk-auth
------------------------------------------
[Affected Product Code Base]
mk-auth - 19.1
------------------------------------------
[Affected Component]
Multiple admin and client scripts
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[CVE Impact Other]
xss can be used for a mu
------------------------------------------
[Attack Vectors]
A well-crafted HTTP request
------------------------------------------
[Discoverer]
Merhawi Solomon Gebrekidan (nitusan)
------------------------------------------
[Reference]
http://mk-auth.com.br/page/changelog-1
Use CVE-2020-14071.

[description]
An issue was discovered in MK-AUTH 19.01.
It allows command execution as root via shell metacharacters to /auth
admin scripts.
------------------------------------------
[Additional Information]
Multiple scripts inside the /auth path take user-controlled parameters
and append them to commands that will eventually get executed by using
shell_exec and exec, which results in remote root command execution.
------------------------------------------
[VulnerabilityType Other]
Shell Metacharacter Injection
------------------------------------------
[Vendor of Product]
mk-auth
------------------------------------------
[Affected Product Code Base]
mk-auth - 19.1
------------------------------------------
[Affected Component]
Multiple endpoints in the /admin directory (path) are vulnerable to
command execution
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Attack Vectors]
A well-crafted HTTP request
------------------------------------------
[Discoverer]
Merhawi Solomon Gebrekidan (nitusan)
------------------------------------------
[Reference]
http://mk-auth.com.br/page/changelog-1
Use CVE-2020-14072.

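For the shell_exec/exec pattern described under CVE-2020-14072, the following added example (not MK-AUTH code, not from the advisory author) shows one hardened way to run an external program with a request parameter: validate the value against a strict type, then start the program without a shell. The `ping_host` helper, the choice of `ping` and its Linux iputils flags are assumptions for illustration; the array form of `proc_open` needs PHP 7.4 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: run one fixed program with one validated argument.
function ping_host(string $host): array
{
    // 1. Validate by type: only a literal IPv4/IPv6 address is accepted,
    //    so nothing but address characters reaches the command.
    if (filter_var($host, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException('host must be an IP address');
    }
    // 2. Array form of proc_open executes the program directly. No /bin/sh
    //    parses the arguments, so shell metacharacters carry no meaning.
    $cmd  = ['ping', '-c', '1', '-W', '1', $host];
    $spec = [1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start ping');
    }
    $output = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    return ['exit' => proc_close($proc), 'output' => $output];
}

// If a shell command string cannot be avoided, quote every argument.
function ping_command_line(string $host): string
{
    return 'ping -c 1 -W 1 ' . escapeshellarg($host);
}

// Constructed inputs: one valid address, one value with a metacharacter.
foreach (['127.0.0.1', '127.0.0.1;uptime'] as $input) {
    try {
        $result = ping_host($input);
        echo "$input: ran, exit code {$result['exit']}\n";
    } catch (InvalidArgumentException $e) {
        echo "$input: rejected ({$e->getMessage()})\n";
    }
}
echo ping_command_line('127.0.0.1;uptime'), "\n";
```

The advisory notes that the affected commands execute as root; running the web-facing scripts as an unprivileged user limits what any remaining injection flaw can reach.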
Could you make the poc available?