Misinterpretation of Input in emoncms/dashboard
Jul 22nd 2021
Account takeover via Host-header injection: the verification email's link is built from the request's Host header, so an attacker can change the URL of the account-verification link, have the victim deliver the verification code to an attacker-controlled domain, and thereby verify any email address.
💥 STEPS TO REPRODUCE
1. As the attacker, create an account with the email address firstname.lastname@example.org. You do not own that address.
2. You cannot log in until that email address has been verified, and you are not its owner.
3. Now send the account-verification request with the Host header replaced by the attacker's domain:
   Host: attacker-domain.com
4. The victim's mailbox now receives a verification link whose host is the attacker's domain rather than the application's. When the victim opens the mail and clicks that link, the verification code is sent to attacker-domain.com, where the attacker can read it and complete verification of an address they never owned.
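The following is an added example and not code from emoncms/dashboard: a minimal model of the flaw described above, in which the verification link's origin is taken from the client-supplied Host header, beside two fixes (building the link from a server-side configured base URL, and refusing requests whose Host header is not allowlisted). The hostnames, URL path, parameter names and the verification code are assumptions for illustration only.

```python
"""Added example, not emoncms code: Host-header injection into an
email-verification link, and how to close it. All names are assumed."""
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed server-side configuration (assumed names, not emoncms settings).
CONFIG = {
    "base_url": "https://emoncms.example.org",
    "allowed_hosts": {"emoncms.example.org"},
}

# Constructed attacker request: the only header the attacker tampers with
# is Host, exactly as in the report above.
ATTACKER_REQUEST = {
    "Host": "attacker-domain.com",
    "email": "victim@example.org",
}


def build_link_vulnerable(headers: dict, email: str, code: str) -> str:
    """Vulnerable pattern: the link's origin is copied from the request's
    Host header, so whoever triggers the verify request decides where the
    victim's code is delivered."""
    host = headers.get("Host", "")
    query = urlencode({"email": email, "code": code})
    return f"https://{host}/user/verify?{query}"


def build_link_fixed(email: str, code: str, config: dict = CONFIG) -> str:
    """Fix 1: derive the origin from server-side configuration, never from
    anything the client sent."""
    base = config["base_url"].rstrip("/")
    query = urlencode({"email": email, "code": code})
    return f"{base}/user/verify?{query}"


def host_is_allowed(headers: dict, config: dict = CONFIG) -> bool:
    """Fix 2 (defence in depth): refuse requests whose Host header is not a
    name this deployment answers to. urlparse strips any :port and
    lowercases the name, so 'Emoncms.Example.Org:443' still matches."""
    host = urlparse("//" + headers.get("Host", "")).hostname or ""
    return host in config["allowed_hosts"]


def link_host(url: str) -> str:
    """Hostname the victim's browser will contact when the link is clicked."""
    return urlparse(url).hostname or ""


def code_leaked_to_attacker(link: str, attacker_host: str) -> Optional[str]:
    """Models the victim clicking the link: if it points at the attacker's
    host, the attacker's web server receives the full query string and can
    read the verification code out of it. Returns the code, or None."""
    if link_host(link) != attacker_host:
        return None
    return parse_qs(urlparse(link).query).get("code", [None])[0]


if __name__ == "__main__":
    code = "5f3c9a1b"  # constructed verification code
    email = ATTACKER_REQUEST["email"]
    bad = build_link_vulnerable(ATTACKER_REQUEST, email, code)
    good = build_link_fixed(email, code)
    print("vulnerable link:", bad)
    print("fixed link     :", good)
    print("code leaked    :", code_leaked_to_attacker(bad, "attacker-domain.com"))
    print("host allowed?  :", host_is_allowed(ATTACKER_REQUEST))
```

Only the first fix removes the root cause; the Host allowlist is worth keeping as well because other code paths (password-reset mails, absolute redirects) tend to make the same mistake, and a reverse proxy in front of the application may forward whatever Host value the client supplied.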