NodeBB Forum 1.12.2-1.14.2 Exploit, Account Takeover

# Exploit Title:  NodeBB Forum 1.12.2-1.14.2 - Account Takeover
# Date: 2020-08-18
# Exploit Author: Muhammed Eren Uygun
# Vendor Homepage:
# Software Link:
# Version: 1.12.2-1.14.2
# Tested on: Linux
# CVE : CVE-2020-15149 -
A bug in this validation logic made it possible to change the password of any user on a running NodeBB forum by sending a specially crafted call to the server. This could lead to a privilege escalation event due via an account takeover.

Bug PoC:
1- Create a user
2- Go to password change page
3- Change password with proxy
4- Replace the uid on the request with 1, which is the uid value of the admin user, and send the request.
5-  So you can login with this password to admin user.

All rights reserved 2009 - 2020
Powered by: MVCP 2.0-RC / ASPF / PHP 7.4 / NGINX / FreeBSD