Saturday, 10 February 2018

Host Header Injection- Type Setter CMS 5.1 - CVE-2018-6889

By - Navina Asrani

Hi Readers,

Recently while performing some open source security assessment, I came across an CMS “ Typesetter” CMS. Curious to explore its functionalities, I set up a local copy and started playing around to find security vulnerabilities’. 

Title of the Vulnerability:  Host Header Injection.
Vulnerability Class: Injection
Technical Details & Description: The application is configured to allow insecure host headers to be injected in request headers.

CVE ID allocated:  CVE-2018-6889

Product & Service Introduction: TypeSetter 5.1
Steps to Re-Produce –
1.       Visit the application
2.       Tamper the request and change the host to any arbitrary header like
3.        The same is added in request and complete page re-direction takes place.
Exploitation Technique: A attacker can perform application modification to perform advanced attacks as as password reset/ cache poisoning etc.
Severity Level: High
Security Risk:
The presence of such a risk can lead to user cache poisoning and user re-direction

Exploit code:

GET / HTTP/1.1

Affected Product Version: 5.1
Solution - Fix & Patch: The application code should be configured with to allow a whitelist of allowed hosts in source code.

1 comment:

Hacking into Block Chain Technology:Part 2

Security Testing on Block Chain: By- Samrat Das Now since we have our fundamentals clear on block chain, let’s proceed for un...