CVE-2024-26331 PoC — ReCrystallize Server Security Vulnerability

Associated Vulnerability
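Title: ReCrystallize Server Security Vulnerability (CVE-2024-26331)
Description: ReCrystallize is reporting software from the company ReCrystallize. ReCrystallize Server version 5.10.0.0 contains a security vulnerability that stems from an authorization mechanism which relies on a cookie value but does not bind that cookie value to the session ID. An attacker can exploit this to bypass the authentication mechanism by modifying the cookie.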
Description
This vulnerability allows an attacker to bypass authentication in the ReCrystallize Server application by manipulating the 'AdminUsername' cookie. This gives the attacker administrative access to the application's functionality, even when the default password has been changed.
File Snapshot

id: CVE-2024-26331
info:
  name: ReCrystallize Server - Authentication Bypass
  author: Carson Chan
...