Revealing CVE-2024-22988 - A Unique Dive into Exploiting Access Control Gaps in ZKBio WDMS. Uncover the Untold, Crafted for Beginners with a Rare Glimpse into Pentesting Strategies

Revealing CVE-2024-22988 - A Unique Dive into Exploiting Access Control Gaps in ZKBio WDMS. Uncover the Untold, Crafted for Beginners with a Rare Glimpse into Pentesting Strategies

CVEs

N/A Severity

Screenshots from the blog posts

images/clt377x5t097l1hn60q66hltz.jpgimages/clt377x5t097l1hn60q66hltz.jpg

Summary

Version 8.0.5 (Build: 20211216.13375) of ZKBio WDMS has an improper access control vulnerability, CVE-2024-22988, that enables any user to exploit this flaw in the backup system's authentication and download the database backups by guessing their file names. This post acts a complete hands-on guide to understand and exploit this vulnerability. The interesting part is that as of this writing, no coverage has been done for this vulnerability and therefore, the process of understanding the exploit from the CVE description to eventually arriving at the complete exploit is clearly captured by this post. No prior experience is required and everything is detailed as much as possible to make the content beginner friendly!

Description

Total vcoins

53.3K

Social media links

Comments (0)