An Information Security on emerging technologies write-up and specific focus on penetration testing, bug hunting.
Saturday, 10 February 2018
Host Header Injection- Type Setter CMS 5.1 - CVE-2018-6889
By - Navina Asrani
Recently while performing some open source security
assessment, I came across an CMS “ Typesetter” CMS. Curious to explore its
functionalities, I set up a local copy and started playing around to find
Title of the Vulnerability:Host Header Injection.
Vulnerability Class: Injection
Technical Details & Description: The application is
configured to allow insecure host headers to be injected in request headers.
CVE ID allocated: CVE-2018-6889
Product & Service Introduction: TypeSetter 5.1
Steps to Re-Produce –
2. Tamper the
request and change the host to any arbitrary header like google.com
3.The same is
added in request and complete page re-direction takes place.
Exploitation Technique: A attacker can perform application
modification to perform advanced attacks as as password reset/ cache poisoning
Severity Level: High
The presence of such a risk can lead to user cache poisoning
and user re-direction
GET / HTTP/1.1
Affected Product Version: 5.1
Solution - Fix & Patch: The application code should be
configured with to allow a whitelist of allowed hosts in source code.