NodeBB Forum 1.14.2 Account Takeover

NodeBB Forum versions 1.12.2 through 1.14.2 suffer from an account takeover vulnerability.

MD5 | 560b2df1f994e52769ed6b202cf888c7

# Exploit Title:  NodeBB Forum 1.12.2-1.14.2 - Account Takeover
# Date: 2020-08-18
# Exploit Author: Muhammed Eren Uygun
# Vendor Homepage:
# Software Link:
# Version: 1.12.2-1.14.2
# Tested on: Linux
# CVE : CVE-2020-15149 -
A bug in this validation logic made it possible to change the password of any user on a running NodeBB forum by sending a specially crafted call to the server. This could lead to a privilege escalation event due via an account takeover.

Bug PoC:
1- Create a user
2- Go to password change page
3- Change password with proxy
4- Replace the uid on the request with 1, which is the uid value of the admin user, and send the request.
5- So you can login with this password to admin user.

Related Posts