CVE-2023-37759
📋 TL;DR
This vulnerability allows unauthenticated attackers to register administrator accounts in Crypto Currency Tracker (CCT) by sending a specially crafted POST request to the user registration page. Any organization running CCT versions before 9.5 is affected, potentially giving attackers full administrative control over the application.
💻 Affected Systems
- Crypto Currency Tracker (CCT)
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the CCT application with attackers gaining administrative privileges, allowing them to manipulate cryptocurrency data, steal sensitive information, or use the system as a foothold for further attacks.
Likely Case
Attackers create admin accounts to access sensitive cryptocurrency tracking data, modify application settings, or disrupt legitimate operations.
If Mitigated
Proper access controls prevent unauthorized admin registration, limiting attackers to standard user privileges if they can still register.
🎯 Exploit Status
Exploit details and proof-of-concept code are publicly available on Packet Storm Security.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 9.5
Vendor Advisory: https://codecanyon.net/item/crypto-currency-tracker-prices-charts-news-icos-info-and-more/21588008
Restart Required: Yes
Instructions:
1. Download CCT version 9.5 or later from the vendor.
2. Back up your current installation.
3. Replace the existing files with the updated version.
4. Restart the web server or application service.
🔧 Temporary Workarounds
Disable User Registration
Temporarily disable the user registration functionality to prevent exploitation.
Modify the application configuration to disable registration or block access to the registration endpoints.
Web Application Firewall Rules
Implement WAF rules to block suspicious POST requests to registration endpoints.
Add a rule to block POST requests to the registration endpoints that contain admin role parameters.
🧯 If You Can't Patch
- Implement network segmentation to isolate CCT from critical systems
- Enable detailed logging and monitoring for user registration attempts
🔍 How to Verify
Check if Vulnerable:
Check whether the CCT version is below 9.5 by reviewing the application version in the admin panel or in the configuration files.
Check Version:
Check the application's admin panel or review the version.txt file in the installation directory.
Verify Fix Applied:
After updating to version 9.5, attempt to register a new user and verify that admin role cannot be assigned during registration.
📡 Detection & Monitoring
Log Indicators:
- Multiple failed registration attempts
- Successful user registrations with admin role parameters
- POST requests to registration endpoints with unusual parameters
Network Indicators:
- HTTP POST requests to /register or similar endpoints containing role=admin parameters
- Unusual traffic patterns to registration pages
SIEM Query:
source="web_logs" AND (url_path="/register" OR url_path="/user/register") AND http_method="POST" AND (form_data CONTAINS "admin" OR form_data CONTAINS "role=admin")
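The SIEM query above matches any form body containing the substring "admin", which will also fire on e-mail addresses such as admin@example.com. The following script is an added example (not part of the original advisory or the CCT product) that applies the same detection idea to constructed web-server log lines, but only flags a registration POST when a role-style field name carries an admin-like value. The log format, the registration paths and the field names (`role`, `user_type`, `is_admin`) are assumptions; adapt them to what your deployment actually logs.

```python
import re
from urllib.parse import parse_qs

# Constructed sample log lines (not taken from the advisory or any real deployment).
# Assumed format: client_ip method path status "form_body", i.e. an application
# log that records the POSTed form fields for registration requests.
SAMPLE_LOGS = """\
203.0.113.7 POST /register 302 "name=alice&email=alice%40example.com&password=x"
203.0.113.9 POST /user/register 200 "name=bob&email=bob%40example.com&role=admin"
198.51.100.4 GET /register 200 ""
198.51.100.5 POST /register 302 "name=eve&email=eve%40example.com&user_type=administrator"
198.51.100.6 POST /login 200 "email=admin%40example.com&password=x"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\d{3}) "(.*)"$')
REGISTRATION_PATHS = {"/register", "/user/register"}   # assumed endpoints
# Field names that a registration form should never let the client control (assumed).
ROLE_FIELDS = {"role", "user_type", "is_admin", "admin"}
ADMIN_VALUES = {"admin", "administrator", "1", "true"}

def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ip, method, path, status, body = m.groups()
    return {"ip": ip, "method": method, "path": path, "status": int(status), "body": body}

def is_admin_registration(entry):
    """True when a POST to a registration endpoint carries a role field with an admin value."""
    if entry["method"] != "POST" or entry["path"] not in REGISTRATION_PATHS:
        return False
    fields = parse_qs(entry["body"], keep_blank_values=True)
    for name, values in fields.items():
        if name.lower() in ROLE_FIELDS and any(v.lower() in ADMIN_VALUES for v in values):
            return True
    return False

def find_suspicious(log_text):
    """Return (ip, path, status) for every line that looks like an admin-role registration."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and is_admin_registration(entry):
            hits.append((entry["ip"], entry["path"], entry["status"]))
    return hits

if __name__ == "__main__":
    for ip, path, status in find_suspicious(SAMPLE_LOGS):
        print(f"ALERT: admin-role registration attempt from {ip} to {path} (HTTP {status})")
```

Note that the login line with admin@example.com in its body is not reported, whereas the substring-based SIEM query would have matched it.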
🔗 References
- https://codecanyon.net/item/crypto-currency-tracker-prices-charts-news-icos-info-and-more/21588008
- https://packetstormsecurity.com/files/174240/Crypto-Currency-Tracker-CCT-9.5-Add-Administrator.html
- https://tregix.com/