PoC details: 71ff4839afe2634e3483bc987440fdf61f5661d3

Source
Related vulnerability
Title: Crixp OpenCRX authorization vulnerability (CVE-2020-7378)
Description: Crixp OpenCRX is a site-building system from the Swiss company Crixp for managing the sales process. The system offers a Java API for Java-based clients and a Swagger-compatible RESTful API, and can be used for sales, service, marketing, contact-centre and issue-management scenarios. CRIXP OpenCRX version 4.30 and versions before 5.0-20200717 have a security vulnerability caused by an unverified password change. An attacker can exploit it to change any user's password (including admin-Standard) to any value of their choice.
Description
Exploits the password reset vulnerability in OpenCRX, CVE-2020-7378. Also maintains stealth by deleting all the password reset mails created by the script.
Introduction
# openCRX-CVE-2020-7378 (Unauthenticated Account Take Over)
Exploits the password reset vulnerability in OpenCRX, CVE-2020-7378.

## A Stealthy Python Implementation for CVE-2020-7378

The exploit works because the developers used the `Random` class (`java.util.Random`) to generate the random tokens used to reset a user's password. They should instead have used the `SecureRandom` class (`java.security.SecureRandom`) to generate those tokens.

Tested on v4.2.0, but should also work for the other versions reported in the disclosure report of CVE-2020-7378.
# Usage
`./openCRXreset.py -u <URL> -user <USERNAME> -pass <PASSWORD>`

  ![](https://github.com/ruthvikvegunta/openCRX-CVE-2020-7378/blob/main/images/help.png)

# Features
- Uses the Python `rich` library to display a robust output

  ![](https://github.com/ruthvikvegunta/openCRX-CVE-2020-7378/blob/main/images/inital-run.png)

- Deletes all the temporary files created locally as part of the script

- Deletes **only the password reset mails** generated by the script, in order to maintain stealth

  ![](https://github.com/ruthvikvegunta/openCRX-CVE-2020-7378/blob/main/images/final.png)
File snapshot

```text
[4.0K] /data/pocs/71ff4839afe2634e3483bc987440fdf61f5661d3
├── [4.0K] images
│   ├── [206K] final.png
│   ├── [ 89K] help.png
│   └── [126K] inital-run.png
├── [1.0K] LICENSE
├── [8.9K] openCRXreset.py
├── [ 796] openCRXtimeGen.java
└── [1.1K] README.md

1 directory, 7 files
```
Cached for you by the Shenlong bot
Notes
    1. It is recommended to access the PoC through the source first.
    2. If the source has expired or cannot be accessed, send an e-mail to f.jinxu#gmail.com to request the local snapshot (replace # with @).
    3. Shenlong has taken a snapshot of the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.