Authentication Bypass Using an Alternate Path or Channel in requarks/wiki


Reported on

May 8th 2022

Steps to reproduce

  1. Log into the Administrator account.
  2. Navigate to the Users section.
  3. Create a new user named testUser with the password 12345678.
  4. Navigate to the Groups section and create a new group named testGroup.
  5. Give testGroup the "manage:groups" permission and assign testUser to the group.
  6. Log into the testUser account and navigate to Groups --> Permissions.
  7. Click "Update Group" and intercept the request with Burp Suite's Interceptor.
  8. Change "permissions":["manage:groups"] to "permissions":["manage:system"].
  9. Log in again and observe that we can now manage the system.
  10. This cannot be done via the GUI.
  11. Video PoC:
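The steps above describe a server-side authorization gap: the group-update handler checks that the caller may manage groups, but not that the caller is allowed to hand out the permissions being written. The following is an added example, not Wiki.js's own resolver or the fix merged on 78d02d: a constructed model of such a handler in its vulnerable and hardened forms, with sample users and groups mirroring the report. The names `updateGroup`, `effectivePermissions`, `sampleState` and `escalationSucceeds` are assumptions made for the illustration.

```javascript
// Added example (not Wiki.js's code): a constructed "update group" handler
// showing the escalation path in this report and a server-side check that
// closes it. All names and sample data here are assumptions for illustration.
const MANAGE_SYSTEM = 'manage:system';
const MANAGE_GROUPS = 'manage:groups';

// Constructed sample state mirroring the report: an Administrators group, and
// testGroup holding testUser with only manage:groups.
function sampleState() {
  return {
    groups: {
      1: { id: 1, name: 'Administrators', permissions: [MANAGE_SYSTEM] },
      2: { id: 2, name: 'testGroup', permissions: [MANAGE_GROUPS] },
    },
    users: {
      admin: { name: 'admin', groups: [1] },
      testUser: { name: 'testUser', groups: [2] },
    },
  };
}

// A user's effective permissions are the union of their groups' permissions,
// recomputed when the user logs in again (step 9 of the report).
function effectivePermissions(state, user) {
  return [...new Set(user.groups.flatMap((id) => state.groups[id].permissions))];
}

// Group-update handler. The vulnerable variant only checks that the caller may
// manage groups, so a manage:groups holder can write manage:system onto their
// own group. The hardened variant additionally refuses to grant any permission
// the caller does not hold themselves, unless the caller has manage:system.
function updateGroup(state, caller, groupId, permissions, { hardened }) {
  const callerPerms = effectivePermissions(state, caller);
  if (!callerPerms.includes(MANAGE_GROUPS) && !callerPerms.includes(MANAGE_SYSTEM)) {
    throw new Error('Forbidden: manage:groups required');
  }
  if (hardened && !callerPerms.includes(MANAGE_SYSTEM)) {
    const escalated = permissions.filter((p) => !callerPerms.includes(p));
    if (escalated.length > 0) {
      throw new Error(
        `Forbidden: cannot grant permissions the caller does not hold: ${escalated.join(', ')}`
      );
    }
  }
  state.groups[groupId] = { ...state.groups[groupId], permissions: [...permissions] };
  return state.groups[groupId];
}

// Replays the report: testUser submits a modified "permissions" array for
// testGroup (step 8), then logs in again. Returns whether testUser ends up
// holding manage:system.
function escalationSucceeds({ hardened }) {
  const state = sampleState();
  const testUser = state.users.testUser;
  try {
    updateGroup(state, testUser, 2, [MANAGE_SYSTEM], { hardened });
  } catch (e) {
    return false; // request rejected, no change to the group
  }
  return effectivePermissions(state, testUser).includes(MANAGE_SYSTEM);
}

console.log('vulnerable handler escalates:', escalationSucceeds({ hardened: false }));
console.log('hardened handler escalates:', escalationSucceeds({ hardened: true }));
```

The hardened rule is deliberately general: a caller may only delegate permissions they already hold, and only `manage:system` holders are exempt. That is stricter than guarding the single `manage:system` value, and it also stops the same trick with any other permission a group manager lacks; an administrator, who holds `manage:system`, can still assign anything. The check belongs in the server-side handler because, as step 10 notes, the GUI alone cannot be relied on to prevent the modified request.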


User can get root user permissions

We are processing your report and will contact the requarks/wiki team within 24 hours. 17 days ago
We have contacted a member of the requarks/wiki team and are waiting to hear back 16 days ago
Nicolas Giard validated this vulnerability 16 days ago
n1k1x86 has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Nicolas Giard confirmed that a fix has been merged on 78d02d 16 days ago
Nicolas Giard has been awarded the fix bounty
16 days ago


Greets! Are you not against assigning a CVE as a maintainer? Huntr will do it all automatically with your agreement. Thanks for the reply in advance! This vulnerability was found in collaboration with @scara31 (

16 days ago


@admin Hey, sorry for the ping, could you please assign a CVE for this one if maintainer doesn't mind it?

Jamie Slome
13 days ago


Sorted 👍

12 days ago


Hi! I'm very pleased, thank you!
