Exploit Details
⚖️ Legal Disclaimer
Xenpaii Team holds absolute zero liability for your actions. This tool is provided "as is" for educational research and authorized auditing only. What you do with this power is your own burden.
Target Plugin: vitepos-lite (Fixed in 3.4.2)
Vulnerability Type: Privilege Escalation to Administrator
Description:
The plugin does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing authenticated users with a custom plugin role to escalate privileges to administrator.
This vulnerability allows users who hold a plugin-specific role to bypass security restrictions when creating a new user through the REST API endpoint, so that they can grant Administrator access to themselves or to other users.
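A defence-in-depth guard against the role escalation described above, as an added example that is not code from vitepos-lite or from this repository: a WordPress must-use plugin that reverts administrator grants made during a REST request by a caller who is not already an administrator. The `xguard_` names, the `subscriber` fallback role and the log format are assumptions.

```php
<?php
/**
 * Added example (not vitepos-lite code): must-use plugin that refuses
 * administrator grants made during a REST request by a non-administrator.
 * Assumptions: the xguard_ prefix, the fallback role, the error_log format.
 */

const XGUARD_FALLBACK_ROLE = 'subscriber'; // assumption: lowest-privilege role on this site

/** True when this is a REST call from a user who is not already an administrator. */
function xguard_untrusted_rest_caller(): bool {
    $is_rest = defined( 'REST_REQUEST' ) && REST_REQUEST;
    return $is_rest && ! current_user_can( 'manage_options' );
}

/** Replace the administrator role on $user_id and log who attempted the grant. */
function xguard_demote( int $user_id, string $context ): void {
    $user = get_userdata( $user_id );
    if ( ! $user || ! in_array( 'administrator', (array) $user->roles, true ) ) {
        return; // nothing to revert
    }
    // set_role() fires set_user_role again, but with the fallback role,
    // so the hook below does not recurse.
    $user->set_role( XGUARD_FALLBACK_ROLE );
    error_log( sprintf(
        'role-guard: blocked administrator grant (%s) target=%d caller=%d',
        $context, $user_id, get_current_user_id()
    ) );
}

// New accounts: fires after wp_insert_user() has stored the requested role.
add_action( 'user_register', function ( $user_id ) {
    if ( xguard_untrusted_rest_caller() ) {
        xguard_demote( (int) $user_id, 'user_register' );
    }
}, 99 );

// Any role change: fires at the end of WP_User::set_role().
add_action( 'set_user_role', function ( $user_id, $role ) {
    if ( 'administrator' === $role && xguard_untrusted_rest_caller() ) {
        xguard_demote( (int) $user_id, 'set_user_role' );
    }
}, 99, 2 );
```

Updating to 3.4.2 remains the fix; this guard only catches grants that pass through `WP_User::set_role()`, and its log lines give a detection signal for attempted escalation.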
Specifications
- Language: Python 3.x
- Requirements: requests, colorama
- Multi-threaded scanning support.
- Bypass common WAF signatures.