strapi 3.0.0 beta 17.4 password reset (CVE-2019-18818)

[h00die]

fixes #16168

Adds a module that was in the issues for a while and just needed a cleanup/standardization/etc. Lets you reset the admin's password on Strapi CMS 3.0.0 Beta 17.4 and before

@smcintyre-r7 Not to push this to the top of the queue, but the npx install for 17.4 works, 17.3 failed because of a dependency being too out of date, and the docker image provided by the developers themselves fails due to a dependency out dated issue. This is a REALLY quick module to test, but I would suggest someone test it soon since its fairly old and who knows when the easy npx install route will start failing.

Verification

• [ ] Start msfconsole
• [ ] Install the application
• [ ] Start msfconsole
• [ ] Do: use auxiliary/scanner/http/strapi_3_password_reset
• [ ] Do: set new_password testtesttest
• [ ] Do: set rport 1337
• [ ] Do: set rhosts 127.0.0.1
• [ ] Do: run
• [ ] You should be able to reset the admin users password

[h00die]

Thanks for the quick review, everything looks good . tested and merged

[adfoster-r7]

Release Noes

Adds a new auxiliary/scanner/http/strapi_3_password_reset which that lets you reset the admin's password on Strapi CMS 3.0.0 Beta 17.4 and before by leveraging CVE-2019-18818.