How I Found Improper Access Control in Sonatype Nexus Manager
Hello Awesome Hackers, I hope you are all doing well!
My name is SHARAN.K, an Indian ethical hacker.
Today I’m sharing a vulnerability that I found a while ago, which I believe is quite interesting and very simple.
But I’m not going to share the bug bounty program name, domain name, etc., because I didn’t get permission to disclose it.
So let’s assume the target is redacted.com.
When I started hunting on the program, I first enumerated all the subdomains. And I checked them one by one.
I found one subdomain, which was nexus.redacted.com.
I saw a Sonatype Nexus manager 3.37.3-02 login page.
I checked for default credentials:
admin:admin
admin:password
root:root
admin123:admin123
Nothing worked...
Suddenly I opened Google and searched for a Sonatype Nexus manager (specific version) exploit.
Then I got to know that this was vulnerable to response manipulation while logging in.
I entered admin:admin and intercepted the request.
Do intercept the response for this request.
In the response, I changed 403 Forbidden to 200 OK.
BOOM !!!
Successfully logged in as admin !!!
Best Regards,
SHARAN.K