.. / CVE-2024-26331

Exploit for ReCrystallize Server - Authentication Bypass (CVE-2024-26331)

Description:

This vulnerability allows an attacker to bypass authentication in the ReCrystallize Server application by manipulating the ‘AdminUsername’ cookie. This gives the attacker administrative access to the application’s functionality, even when the default password has been changed.

Nuclei Template

View the template here CVE-2024-26331.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-26331.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-26331
https://preview.sensepost.com/blog/2024/from-discovery-to-disclosure-recrystallize-server-vulnerabilities/
https://github.com/Ostorlab/KEV
https://www.recrystallize.com/merchant/ReCrystallize-Server-for-Crystal-Reports.htm
https://sensepost.com/blog/2024/from-discovery-to-disclosure-recrystallize-server-vulnerabilities/