.. / CVE-2018-9845

Exploit for Etherpad Lite <1.6.4 - Admin Authentication Bypass (CVE-2018-9845)

Description:

Etherpad Lite before 1.6.4 is exploitable for admin access.

Nuclei Template

View the template here CVE-2018-9845.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2018/CVE-2018-9845.yaml

References:

https://github.com/ether/etherpad-lite/blob/develop/CHANGELOG.md
https://nvd.nist.gov/vuln/detail/CVE-2018-9845
https://github.com/ARPSyndicate/kenzer-templates
https://github.com/ether/etherpad-lite/commit/ffe24c3dd93efc73e0cbf924db9a0cc40be9511b
https://infosecwriteups.com/account-takeovers-believe-the-unbelievable-bb98a0c251a4