In Oxwall <= 1.8.7 (11111), Motoshub <= 2 (11030), reset-code is stored in the clear text that allows attackers to gain admin access with any SQLi.
Write-up (Root Cause Analysis + Technical details + Full Exploit Codes) will be published on my Blog later.
So please update!
Patches
According to the maintainers' claim, they patched this vulnerability for their premium users, but free users need to patch it manually (Please see Workarounds).
Workarounds
Please make these changes to your source code:
Oxwall:
Motoshub:
References
Motoshub
Motoshub/issues/1
Oxwall
For more information
If you have any questions or comments about this advisory:
mir-hossein Analyst
In Oxwall <= 1.8.7 (11111), Motoshub <= 2 (11030), reset-code is stored in the clear text that allows attackers to gain admin access with any SQLi.
Write-up (Root Cause Analysis + Technical details + Full Exploit Codes) will be published on my Blog later.
So please update!
Patches
According to the maintainers' claim, they patched this vulnerability for their premium users, but free users need to patch it manually (Please see Workarounds).
Workarounds
Please make these changes to your source code:
Oxwall:
Motoshub:
References
Motoshub
Motoshub/issues/1
Oxwall
For more information
If you have any questions or comments about this advisory: