Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

Squiz Matrix CMS squashes admin account takeover bug

An indirect object reference (IDOR) vulnerability in the Squiz Matrix web content management system (CMS) could have enabled attackers to seize admin rights on targeted installations.

Squiz Matrix is a browser-based website-building tool reportedly used by more than 280 organizations, including governments, businesses, and half of Australian and New Zealand universities, as well as several UK higher education institutions.

Discovered during a pen-test engagement by Trustwave SpiderLabs, the privilege escalation flaw meant a low privileged user could change the contact details of any user – including administrators.

By changing an administrator’s email to an attacker-controlled address they could then initiate a password reset and take control of their account.

And, “as user account numbers are in a sequential order, an attacker could run through user account numbers and change the details of every user registered to the vulnerable Squiz Matrix instance”, according to a blog post disclosing the flaw.

Squiz Matrix patched the vulnerability for all customers as of June 14, 2022, well before Trustwave disclosed details of the problem on August 31.

Proof of concept

To exploit the bug, an attacker would authenticate to the application as a general level user, navigate to the ‘Edit Contact’ page, and submit the contact-editing form before capturing the request with a web interception proxy.

The resulting request would contain GET and POST parameters named ‘asset_id’ that both contain the targeted user’s user_id.

After changing the asset_id parameter value to a valid user_id, an attacker could then change user details in the POST body, such as changing the email parameter and upgrading userType to sp_admin.

Source: https://portswigger.net/daily-swig/squiz-matrix-cms-squashes-admin-account-takeover-bug

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given federal agencies three weeks to secure Adobe ColdFusion servers on their networks against two...

Cyber Security

Businesses and developers are focusing more on the security of applications in their digital environment as cyber threats and data breaches continue escalating. The...

Cyber Security

HCL BigFix is an endpoint management platform that has the capability to automate discovery, management, and remediation. It can find and fix vulnerabilities on...

Cyber Security

The Environmental Protection Agency cited a lack of resources and the sheer volume of critical vulnerabilities as the reasons for its inability to patch...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO