Monstra versions 3.0.1 and below keep a tally client side in a cookie to count login attempts, allowing an attacker to completely bypass their abuse functionality.
e559a6fc29b5452cf0090e6cc326b4afa0c52ebd83000579ad0a03b5b75fae8a#Monstra <= 3.0.1 Admin Bruteforce Limit Bypass
admin/index.php
:33-42
// Admin login
if (Request::post('login_submit')) {
if (Cookie::get('login_attempts') && Cookie::get('login_attempts') >= 5) {
$login_error = __('You are banned for 10 minutes. Try again
later', 'users');
} else {
$user = $users->select("[login='" .
trim(Request::post('login')) . "']", null);
}
The code blocks bruteforce attempts simply by placing a cookie called "login_attempts" in the victims browser an attacker can craft a bruteforce script that either clears cookies or does not send cookies at all.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed