CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in microweber/microweber
Reported on
Feb 17th 2022
Description
The introduction of a new line character lets the attacker view the stack trace at demo.microweber.org/. This attack becomes more significant because of its low complexity.
The stack trace discloses the following information:
- Backend response code.
- The version of the backend Laravel technology.
- The routing path.
Proof of Concept
- Visit the following URL:
https://demo.microweber.org/demo/api/logout?redirect_to=
- Now add the CRLF payload to the parameter. It will look like this:
https://demo.microweber.org/demo/api/logout?redirect_to=xyz%0d%0axyz
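An added example, not code from the report or from Microweber, of how a defender validates a `redirect_to` value before it reaches a Location header, plus a log check for the CR/LF probe shown above. It assumes the handler copies the parameter into the header (the report does not show the code), and the log lines are constructed.

```python
"""Redirect-target validation and CRLF-probe detection (added example)."""
import re
from urllib.parse import unquote, urlparse

# Constructed sample: the report's PoC value as it appears in the request.
REPORTED_PAYLOAD = "xyz%0d%0axyz"

# Any ASCII control character (CR, LF, NUL, ...) must never reach a header.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def safe_redirect_target(raw_value: str, fallback: str = "/") -> str:
    """Return a value safe to place in a Location header, or a fixed fallback.

    Decode once, reject control characters, and accept only a same-site
    relative path (no scheme, no host, no protocol-relative '//').
    Falling back instead of raising keeps the stack trace out of responses.
    """
    value = unquote(raw_value or "")
    if _CONTROL_CHARS.search(value):
        return fallback
    parsed = urlparse(value)
    if parsed.scheme or parsed.netloc or value.startswith("//"):
        return fallback
    if not value.startswith("/"):
        return fallback
    return value


# Constructed access-log lines (not from the report) for the detection helper.
SAMPLE_LOG = [
    '10.0.0.5 - - "GET /demo/api/logout?redirect_to=%2Fdemo HTTP/1.1" 302',
    '10.0.0.9 - - "GET /demo/api/logout?redirect_to=xyz%0d%0axyz HTTP/1.1" 500',
]


def find_crlf_probes(lines):
    """Return log lines whose request path decodes to contain CR or LF."""
    hits = []
    for line in lines:
        m = re.search(r'"(?:GET|POST) (\S+)', line)
        if m:
            decoded = unquote(m.group(1))
            if "\r" in decoded or "\n" in decoded:
                hits.append(line)
    return hits


if __name__ == "__main__":
    print(safe_redirect_target(REPORTED_PAYLOAD))  # "/" (payload rejected)
    print(find_crlf_probes(SAMPLE_LOG))             # the second sample line
```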
Impact
This vulnerability is capable of disclosing a sensitive stack trace exposed by the back-end, which will let the attacker escalate his/her attack vector.
I hope you understand this issue and fix it as soon as possible. Thank you.
Occurrences
Controller.php L1-L21
I don't have a complete idea of where this issue is actually occurring in the code link provided, but I'm guessing it should be a potential path for that vulnerability to occur.
Hello, I found another path which discloses more information regarding the stack trace:
https://demo.microweber.org/demo/admin/view:modules/load_module:admin/action:profile
As you can see, the name "users" in the load_module: part is changed to "admin", which discloses more information about the particular user.
Thank you.
The other issue is also fixed in this commit: https://github.com/microweber/microweber/commit/a1667f11dca579105818bc5ee3f85230dfd45c5e