.. / CVE-2018-1000226

Exploit for Cobbler - Authentication Bypass (CVE-2018-1000226)

Description:

Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ and possibly even older versions, may be vulnerable to an authentication bypass vulnerability in XMLRPC API (/cobbler_api) that can result in privilege escalation, data manipulation or exfiltration, and LDAP credential harvesting. This attack appear to be exploitable via “network connectivity”. Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931.

Nuclei Template

View the template here CVE-2018-1000226.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2018/CVE-2018-1000226.yaml

References:

https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/
https://github.com/ARPSyndicate/kenzer-templates
https://github.com/cobbler/cobbler/issues/1916
https://nvd.nist.gov/vuln/detail/CVE-2018-1000226

.. / CVE-2018-1000226 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Cobbler - Authentication Bypass (CVE-2018-1000226)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2018-1000226