important E-Mail Input Field bypassed allowing Account Lockout and Takeover in thorsten/phpmyfaq
Reported on
Jan 24th 2023
Dear Ladies and Gentlemen,

First of all, thank you for your time and effort in reading my Report. While doing the Penetration Test my Brother Josef Hassan (mohammedzidan99@gmail.com) and I were able to identify an Account Lockout Vulnerability by bypassing the Input of the E-Mail Address.

The Process of identifying the Vulnerability:
- Login
- Go to https://roy.demo.phpmyfaq.de/admin/?action=user&user_id=1
- Anybody can change the User E-Mail and it is required to type an E-Mail
- If there is no E-Mail the User can maybe lock his account and never get a Password Reset E-Mail because no E-Mail Address is written in the Field
- We were able to bypass the Security Mechanism and do not need to type an E-Mail Address which can lead to an Account Lockout without any Possibility for Recovery
Thank you very much for your time and effort and hope to hear from you soon.
Best regards Ahmed Hassan & Josef Hassan
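
The report describes saving a user without an e-mail address even though the field is required. The following is an added example, not phpMyFAQ's code and not from the reporters: a server-side check, assuming a hypothetical `email` POST field and a hypothetical function name, that rejects a missing, empty or malformed address before a profile update is stored.

```php
<?php
declare(strict_types=1);

/**
 * Added example: server-side validation for a user-profile update.
 * The field name 'email' and this function are hypothetical, not phpMyFAQ code.
 */
function validateProfileEmail(array $post): array
{
    // A "required" marker in the form is only advisory: the request body can
    // omit the field, send it empty, or send it as an array (email[]=x).
    $raw = $post['email'] ?? '';
    if (!is_string($raw)) {
        return ['ok' => false, 'error' => 'email must be a single string value'];
    }

    $email = trim($raw);
    if ($email === '') {
        // Saving an empty address would remove the password-reset channel.
        return ['ok' => false, 'error' => 'email is required'];
    }
    if (strlen($email) > 254 || preg_match('/[\r\n\0]/', $email) === 1) {
        return ['ok' => false, 'error' => 'invalid length or control characters'];
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return ['ok' => false, 'error' => 'not a valid e-mail address'];
    }
    return ['ok' => true, 'email' => $email];
}

// Constructed sample request bodies (not taken from the report).
$samples = [
    'field missing'    => [],
    'empty string'     => ['email' => ''],
    'whitespace only'  => ['email' => '   '],
    'array value'      => ['email' => ['admin@example.org']],
    'embedded newline' => ['email' => "admin@example.org\nx"],
    'valid'            => ['email' => 'admin@example.org'],
];

foreach ($samples as $label => $post) {
    $r = validateProfileEmail($post);
    printf("%-17s %s\n", $label, $r['ok'] ? 'accepted: ' . $r['email'] : 'rejected: ' . $r['error']);
}
```

Only the last sample is accepted; the update handler should return an error and leave the stored address unchanged for the others.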