Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-19550 PoC — Senior Rubiweb 信息泄露漏洞

Source
https://github.com/redteambrasil/CVE-2019-19550
Associated Vulnerability
Title:Senior Rubiweb 信息泄露漏洞 (CVE-2019-19550)
Description:Senior Rubiweb 6.2.34.28版本和6.2.34.37版本中存在安全漏洞。攻击者可利用该漏洞访问受影响用户的敏感信息。
Readme
# CVE-2019-19550

------------------------------------------

## [Description]

Remote Authentication Bypass in Senior Rubiweb 6.2.34.28 and 6.2.34.37 allows admin access to sensitive information of affected users using vulnerable versions. The attacker only needs to provide the correct URL.

------------------------------------------

## [Important Dates]

- Announcement (to Vendor): 2019-12-02
- Public disclosure date: 2020-01-30

------------------------------------------

## [Vulnerability Type]

Incorrect Access Control

------------------------------------------

## [Vendor of Product]

Senior

------------------------------------------

## [Affected Product Code Base]

- Rubiweb - 6.2.34.37
- Rubiweb - 6.2.34.28
- Other versions may be affected, especially in the same family (not tested yet)

------------------------------------------

## [Affected Component]

Rubiweb

------------------------------------------

## [Attack Type]

Remote

------------------------------------------

## [Impact Information Disclosure]

True

------------------------------------------

## [Attack Vectors]

Access to sensitive information is publicly available without special requirements (only the correct URI)

------------------------------------------

## [Has vendor confirmed or acknowledged the vulnerability?]

True

------------------------------------------

## [PoC - Proof of Concept]

1. Simply try to connect to authenticated portal to confirm the existence and version of affected product: 
   - hXXp://subdomain.customer.tld:8080/rubiweb/
2. Access the vulnerable page (admin without authentication):
   - hXXp://subdomain.customer.tld:8080/rubiweb/conector?ACAO=EXESENHA&SIS=FP&LOGINKIND=1
   - hXXp://subdomain.customer.tld:8080/rubiweb/conector?ACAO=ENTRANCEREL&SIS=FP&NOME=FPIN103.ANU

------------------------------------------

## [Discoverer]

Mauricio Santos (R&D UnderProtection) and Hesron Hori (R&D UnderProtection) and @redteambrasil

------------------------------------------

## [Thanks to]

Senior - Vendor's Information Security Team who collaborated to a coordinated disclosure

------------------------------------------

## [Reference]

- https://www.underprotection.com.br
- https://documentacao.senior.com.br/tecnologia/6.2.34/index.htm
- https://documentacao.senior.com.br/tecnologia/6.2.34/index.htm#central-de-configuracao/CfgWebApplicationsForm.htm%23CfgWebApplicationsForm_edtUserName
File Snapshot

 [4.0K]  /data/pocs/a86f5529b7e5c435219f0abadf58406d34c2f292
└── [2.4K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.