
Showing posts from February 4, 2018

Cross Site Request Forgery - Type Setter CMS 5.1 - CVE-2018-6888

Hi Readers, Recently, while performing some open source security assessment, I came across a CMS, “Typesetter” CMS. Curious to explore its functionalities, I set up a local copy and started playing around to find security vulnerabilities.

Title of the Vulnerability: Cross Site Request Forgery.
Vulnerability Class: Remote Code Execution/Account takeover
Technical Details & Description: The application source code is coded in a way which allows a maliciously crafted HTML page to be executed directly without any anti-CSRF countermeasures.
CVE ID allocated: CVE-2018-6888
Product & Service Introduction: TypeSetter 5.1

Steps to Re-Produce –
1. Visit the application.
2. Visit the User Permissions page.
3. Go to Add User and create a CSRF-crafted exploit for the same; upon hosting it on a server and sending the link to the victim to click, it gets exploited.

Exploitation Technique: An attacker can perform application modi

Host Header Injection - Type Setter CMS 5.1 - CVE-2018-6889

Hi Readers, Recently, while performing some open source security assessment, I came across a CMS, “Typesetter” CMS. Curious to explore its functionalities, I set up a local copy and started playing around to find security vulnerabilities.

Title of the Vulnerability: Host Header Injection.
Vulnerability Class: Injection
Technical Details & Description: The application is configured to allow insecure host headers to be injected in request headers.
CVE ID allocated: CVE-2018-6889
Product & Service Introduction: TypeSetter 5.1

Steps to Re-Produce –
1. Visit the application.
2. Tamper the request and change the Host header to an arbitrary value such as google.com.
3. The same is added in the request and a complete page redirection takes place.

Exploitation Technique: An attacker can perform application modification to perform advanced attacks such as password reset/cache poisoning etc.
Severity Level: High
Security Risk: The pres
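
A defensive counterpart to the Host header behaviour described in the steps above, as an added example that is not code from the original post or from Typesetter: requests whose Host value is not on a configured allow-list are rejected, and absolute URLs (redirects, password reset links) are built from a configured origin instead of the request. The host names, constants, function names and the reset path are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed deployment setting: the only host names this site answers to.
const ALLOWED_HOSTS = ['cms.example.test', 'www.cms.example.test'];
// Assumed canonical origin used for every absolute URL the application emits.
const CANONICAL_ORIGIN = 'https://cms.example.test';

/** Return the normalised host if it is allow-listed, otherwise null. */
function validated_host(?string $hostHeader): ?string
{
    if ($hostHeader === null) {
        return null;
    }
    $host = strtolower(trim($hostHeader));
    // Strip an optional numeric port before comparing.
    $host = (string) preg_replace('/:\d{1,5}$/D', '', $host);
    // Accept only plain DNS names; rejects empty values, spaces, '@', '/', CR/LF.
    if (!preg_match('/^[a-z0-9](?:[a-z0-9.-]{0,251}[a-z0-9])?$/D', $host)) {
        return null;
    }
    return in_array($host, ALLOWED_HOSTS, true) ? $host : null;
}

/** Build an absolute URL from configuration, never from the request. */
function absolute_url(string $path): string
{
    return CANONICAL_ORIGIN . '/' . ltrim($path, '/');
}

/** Status a front controller would return for a given Host header. */
function status_for_host(?string $hostHeader): int
{
    return validated_host($hostHeader) === null ? 400 : 200;
}

// Constructed sample Host values, including the tampered one from the steps above.
$samples = ['cms.example.test', 'CMS.example.test:443', 'google.com',
            "cms.example.test\r\nX: y", null];
foreach ($samples as $sample) {
    printf("%-30s -> %d\n", json_encode($sample), status_for_host($sample));
}
// Hypothetical reset path; the link keeps the configured origin whatever Host was sent.
echo absolute_url('/reset-password?token=PLACEHOLDER'), "\n";
```

The same allow-list can also be enforced in front of the application, by having the web server's default virtual host refuse unknown host names, so a tampered Host value never reaches the CMS.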