[webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
Stacks Mobile App Builder 5.2.3 contains an authentication bypass vulnerability. By tampering with URL parameters (for example /?mobile_co=1&uid=1), an attacker can impersonate the user with ID 1 (usually the administrator), obtain an authentication token and access the admin dashboard. 2025-07-08 00:00:00 Author: www.exploit-db.com

# Exploit Title: Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
# Date: October 25, 2024
# Exploit Author: stealthcopter
# Vendor Homepage: https://stacksmarket.co/
# Software Link: https://wordpress.org/plugins/stacks-mobile-app-builder/
# Version: <= 5.2.3
# Tested on: Ubuntu 24.10/Docker
# CVE: CVE-2024-50477
# References:
# - https://github.com/stealthcopter/wordpress-hacking/blob/main/reports/stacks-mobile-app-builder-priv-esc/stacks-mobile-app-builder-priv-esc.md
# - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/stacks-mobile-app-builder/stacks-mobile-app-builder-523-authentication-bypass-via-account-takeover


1. Navigate to the target site and append the following query parameters to the URL to impersonate the user with ID `1`:
`/?mobile_co=1&uid=1`
2. You will now receive an authentication cookie for the specified user ID (typically, user ID `1` is the site administrator).
3. Visit `/wp-admin` — you should have full access to the admin dashboard.
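The steps above leave a distinctive trace in web server access logs: a request carrying both `mobile_co` and `uid` query parameters, typically followed by `/wp-admin` access from the same client. The following detection script is an added example, not part of the exploit-db entry or the plugin's code; the log lines are constructed sample data in combined log format, and the assumption is that legitimate traffic never sends both parameters on the same request.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [08/Jul/2025:10:15:01 +0000] "GET /?mobile_co=1&uid=1 HTTP/1.1" 302 0 "-" "curl/8.5.0"
203.0.113.10 - - [08/Jul/2025:10:15:03 +0000] "GET /wp-admin/ HTTP/1.1" 200 5120 "-" "curl/8.5.0"
198.51.100.7 - - [08/Jul/2025:10:16:10 +0000] "GET /?p=42 HTTP/1.1" 200 8810 "-" "Mozilla/5.0"
198.51.100.7 - - [08/Jul/2025:10:16:12 +0000] "GET /wp-login.php HTTP/1.1" 200 3300 "-" "Mozilla/5.0"
192.0.2.55 - - [08/Jul/2025:10:17:00 +0000] "GET /index.php?uid=7&mobile_co=1 HTTP/1.1" 302 0 "-" "okhttp/4.9"
"""

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_impersonation_request(target):
    """Return the requested uid (as a string) when the request target carries
    both the mobile_co and uid query parameters described in the advisory,
    otherwise None. Parameter order does not matter."""
    qs = parse_qs(urlsplit(target).query)
    if "mobile_co" in qs and "uid" in qs:
        return qs["uid"][0]
    return None


def find_account_takeover_attempts(log_text):
    """Scan log text in order. Each flagged request records the client IP,
    timestamp, targeted uid and response status; if the same IP later hits
    /wp-admin, the attempt is marked followed_by_wp_admin for triage."""
    attempts = []
    attempts_by_ip = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        uid = is_impersonation_request(rec["target"])
        if uid is not None:
            entry = {
                "ip": rec["ip"],
                "ts": rec["ts"],
                "uid": uid,
                "status": rec["status"],
                "followed_by_wp_admin": False,
            }
            attempts.append(entry)
            attempts_by_ip.setdefault(rec["ip"], []).append(entry)
        elif rec["target"].startswith("/wp-admin") and rec["ip"] in attempts_by_ip:
            for entry in attempts_by_ip[rec["ip"]]:
                entry["followed_by_wp_admin"] = True
    return attempts


if __name__ == "__main__":
    for a in find_account_takeover_attempts(SAMPLE_LOG):
        flag = "ESCALATED" if a["followed_by_wp_admin"] else "attempt"
        print(f'{a["ts"]} {a["ip"]} uid={a["uid"]} status={a["status"]} {flag}')
```

Run against a real log by replacing `SAMPLE_LOG` with the file contents; any hit is worth an alert on an unpatched site, and a hit marked `followed_by_wp_admin` should be treated as a confirmed takeover and the affected user's sessions invalidated.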

Article source: https://www.exploit-db.com/exploits/52357