Become a patron and gain access to the dashboard, Schedule scans, API and Search patron

"Anuko Time Tracker 1.19.23.5311 - Password Reset leading to Account Takeover"

Author

Exploit author

"Mufaddal Masalawala"

Platform

Exploit platform

php

Release date

Exploit published date

2020-12-02

                
                    
                         Download file
                    
                
            
#Exploit Title: Anuko Time Tracker 1.19.23.5311 - Password Reset Vulnerability leading to Account Takeover
#Date: 2020-11-11
#Exploit Author: Mufaddal Masalawala
#Vendor Homepage: https://www.anuko.com/
#Software Link: https://www.anuko.com/time-tracker/index.htm
#Version: 1.19.23.5311
#Tested on: Kali Linux 2020.3
#CVE: CVE-2020-27422
#Proof Of Concept:
In Anuko Time Tracker v1.19.23.5311 and prior, the password reset link
emailed to the user doesn't expire once used, hence the attacker could use
the same link to take over the victim's account. An Attacker needs to have
the link for successful exploitation. A malicious user could use the same
password reset link of the victim multiple times to take over the account.
To exploit this vulnerability:

   1. Goto 'Password Reset' module and enter any user's login name
   2. Reset the password using the password reset link received in the email
   3. Use the same link again after resetting the password once
   4. Password is changed again using the previously used link.

Release Date	Title	Type	Platform	Author
2020-12-02	"Ksix Zigbee Devices - Playback Protection Bypass (PoC)"	remote	multiple	"Alejandro Vazquez Vazquez"
2020-12-02	"ILIAS Learning Management System 4.3 - SSRF"	webapps	multiple	Dot
2020-12-02	"IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path"	local	windows	"Manuel Alvarez"
2020-12-02	"Microsoft Windows - Win32k Elevation of Privilege"	local	windows	nu11secur1ty
2020-12-02	"Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality"	webapps	php	"Mufaddal Masalawala"
2020-12-02	"Mitel mitel-cs018 - Call Data Information Disclosure"	remote	linux	"Andrea Intilangelo"
2020-12-02	"ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)"	webapps	multiple	"Mufaddal Masalawala"
2020-12-02	"aSc TimeTables 2021.6.2 - Denial of Service (PoC)"	local	windows	"Ismael Nava"
2020-12-02	"ChurchCRM 4.2.0 - CSV/Formula Injection"	webapps	multiple	"Mufaddal Masalawala"
2020-12-02	"Pharmacy Store Management System 1.0 - 'id' SQL Injection"	webapps	php	"Aydın Baran Ertemir"

Release Date	Title	Type	Platform	Author
2020-12-02	"Anuko Time Tracker 1.19.23.5311 - Password Reset leading to Account Takeover"	webapps	php	"Mufaddal Masalawala"
2020-12-02	"WordPress Plugin Wp-FileManager 6.8 - RCE"	webapps	php	"Mansoor R"
2020-12-02	"WonderCMS 3.1.3 - Authenticated SSRF to Remote Remote Code Execution"	webapps	php	zetc0de
2020-12-02	"WonderCMS 3.1.3 - 'Menu' Persistent Cross-Site Scripting"	webapps	php	"Hemant Patidar"
2020-12-02	"Simple College Website 1.0 - 'page' Local File Inclusion"	webapps	php	Mosaaed
2020-12-02	"Car Rental Management System 1.0 - SQL Injection / Local File include"	webapps	php	Mosaaed
2020-12-02	"Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality"	webapps	php	"Mufaddal Masalawala"
2020-12-02	"Pharmacy Store Management System 1.0 - 'id' SQL Injection"	webapps	php	"Aydın Baran Ertemir"
2020-12-02	"WonderCMS 3.1.3 - Authenticated Remote Code Execution"	webapps	php	zetc0de
2020-12-01	"Multi Restaurant Table Reservation System 1.0 - Multiple Persistent XSS"	webapps	php	yunaranyancat

Release Date	Title	Type	Platform	Author
2020-12-02	"Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality"	webapps	php	"Mufaddal Masalawala"
2020-12-02	"ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)"	webapps	multiple	"Mufaddal Masalawala"
2020-12-02	"ChurchCRM 4.2.0 - CSV/Formula Injection"	webapps	multiple	"Mufaddal Masalawala"
2020-12-02	"Anuko Time Tracker 1.19.23.5311 - Password Reset leading to Account Takeover"	webapps	php	"Mufaddal Masalawala"
2020-12-01	"Tendenci 12.3.1 - CSV/ Formula Injection"	webapps	multiple	"Mufaddal Masalawala"
2020-11-10	"Anuko Time Tracker 1.19.23.5325 - CSV/Formula Injection"	webapps	php	"Mufaddal Masalawala"
2020-09-07	"grocy 2.7.1 - Persistent Cross-Site Scripting"	webapps	php	"Mufaddal Masalawala"

import requests

response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/49174/?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher	Protocols	Sigalg	Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host	WAF detected

Search for hundreds of thousands of exploits

"Anuko Time Tracker 1.19.23.5311 - Password Reset leading to Account Takeover"

Download file

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.