Plastic SCM version 10.0.16.5622 suffers from an improper access control vulnerability that lets an attacker set the administrative password.
3cccfbf43d07c57ec5c8237fd375e9e3707eac29a071a14de3887e1a2731de3f# Exploit Title: Plastic SCM 10.0.16.5622 - WebAdmin Server Access
# Shodan Dork: title:"Plastic SCM"
# Date: 18.10.2021
# Exploit Author: Basavaraj Banakar
# Vendor Homepage: https://www.plasticscm.com/
# Software Link: https://www.plasticscm.com/download/releasenotes/10.0.16.5622
# Version: Plastic SCM < 10.0.16.5622
# Tested on: Chrome,Firefox,Edge
# CVE : CVE-2021-41382
# Reference: https://infosecwriteups.com/story-of-google-hall-of-fame-and-private-program-bounty-worth-53559a95c468
# Exploit:
1. Navigate to target.com/account [This holds administrator login console]
2. Change URL to target.com/account/register [Here able to set new password for the adminstrator user]
3. Now after changing password of administrator and login to console and Navigate to target.com/configuration/authentication and set an new password for any of the users
4. Now navigate to target.com/webui/repos and login with the recently changed password for user i.e is in step 3
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed