Host Header Injection - Typesetter CMS 5.1 - CVE-2018-6889

Hi Readers,

Recently, while performing an open source security assessment, I came across a CMS called "Typesetter". Curious to explore its functionality, I set up a local copy and started playing around to find security vulnerabilities.

Title of the Vulnerability: Host Header Injection
Vulnerability Class: Injection
Technical Details & Description: The application accepts an arbitrary, attacker-supplied value in the Host request header instead of rejecting hosts it does not serve.

CVE ID allocated: CVE-2018-6889

Product & Service Introduction: TypeSetter 5.1
Steps to Reproduce:
1. Visit the application.
2. Tamper with the request and change the Host header to an arbitrary value such as google.com.
3. The injected value is added to the request and a complete page redirection takes place.
Exploitation Technique: An attacker can modify the application's behaviour to perform advanced attacks such as password reset / cache poisoning etc.
Severity Level: High
Security Risk:
The presence of such a risk can lead to user cache poisoning and user redirection.

Exploit code:

GET / HTTP/1.1
Host: google.com

Affected Product Version: 5.1
Solution - Fix & Patch: The application source code should be configured with a whitelist of allowed hosts, and requests whose Host header is not on that list should be rejected.
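One way to implement the whitelist fix described above, as an added example (it is not Typesetter's own code or its patch). The ALLOWED_HOSTS values, the function names and the /login path are assumptions made for illustration; in a real request the raw value would come from $_SERVER['HTTP_HOST'].

```php
<?php
// Added example, not Typesetter code. ALLOWED_HOSTS, validated_host() and
// absolute_url() are hypothetical names; host values are constructed.
declare(strict_types=1);

const ALLOWED_HOSTS = ['cms.example.test', 'www.cms.example.test'];

/**
 * Return the canonical whitelisted host for a raw Host header value,
 * or null when the request must be rejected.
 */
function validated_host(?string $rawHost, array $allowed): ?string
{
    if ($rawHost === null || $rawHost === '') {
        return null;
    }
    // Accept only host[:port] syntax. The D modifier stops "$" from matching
    // before a trailing newline, so CR/LF, spaces, "/", "@" and "," all fail.
    if (!preg_match('/^([A-Za-z0-9.-]+)(?::\d{1,5})?$/D', $rawHost, $m)) {
        return null;
    }
    // Host names are case-insensitive; a trailing dot is the same name.
    $host = rtrim(strtolower($m[1]), '.');
    // Exact match only, so look-alike suffixes and prefixes are refused.
    return in_array($host, $allowed, true) ? $host : null;
}

/** Build absolute URLs from the validated host only, never the raw header. */
function absolute_url(string $host, string $path): string
{
    return 'https://' . $host . '/' . ltrim($path, '/');
}

// Constructed inputs: the Host value from the advisory plus edge cases.
$samples = [
    'cms.example.test',
    'CMS.example.test:443',
    'google.com',
    'cms.example.test.google.com',
    "cms.example.test\r\nX-Injected: 1",
    null,
];
foreach ($samples as $raw) {
    $host = validated_host($raw, ALLOWED_HOSTS);
    printf("%-44s => %s\n", json_encode($raw),
        $host === null ? '400 Bad Request' : absolute_url($host, '/login'));
}
```

Only the first two samples resolve to a URL; every other value, including the google.com header from the advisory, is answered with 400 instead of being reflected into redirects or links.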





