Attacker Value
Very High
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
1

CVE-nu11-16-092421

Last updated September 26, 2021
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Execution
Techniques
Validation
Validated
Validated
Validated

Description

The OBS-PHP(by:oretnom23)v1.0 is vulnerable to remote SqL-Injection bypass Authentication, XSS-Stored and PHPSESSID Hijacking. The vulnerable app: to remote SqL – injection bypass Authentication is “login.php”, with parameters: “username” and “password”. After the successful PWNED of the credentials for the admin account, the malicious user can be storing an XSS payload, whit who can take the active PHPSESSID every time when he wants to log in to the system with an admin account by using this exploit.

Add Assessment

1
Ratings
  • Attacker Value
    Very High
  • Exploitability
    Very High
Easy to weaponizeGives privileged accessVulnerable in default configuration
Technical Analysis

CVE-nu11-16-092421

Description:

The OBS-PHP(by:oretnom23)v1.0 is vulnerable to remote SQL-Injection bypass Authentication, XSS-Stored, and PHPSESSID Hijacking.
The vulnerable app: to remote SQL – injection bypass Authentication is “login.php”, with parameters: “username” and “password”.
After the successful PWNED of the credentials for the admin account, the malicious user can be storing an XSS payload, whit who can take the active PHPSESSID
every time when he wants to log in to the system with an admin account by using this exploit.

Reproduce: href

Proof: href

BR nu11secur1ty

Log in to Add Reply

General Information

Offensive Application
remote
Utility Class
privesc
Ports
Unknown
OS
Unknown
Vulnerable Versions
Unknown
Prerequisites
Unknown
Discovered By
nu11secur1ty
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
nu11secur1ty
Technical Analysis