One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 779637 |
| Date de publication | 2018-08-15 13:00:00 (vue: 2018-08-18 20:00:50) |
| Titre | Discovering CVE-2018-11512 - wityCMS 0.6.1 Persistent XSS |
| Texte |
Content Management Systems (CMS) are usually good to check out for security issues, especially if the system is gaining popularity or being used by a number of people. Doing a white box type of assessment not only gives the potential to discover security issues but it opens interesting possibilities if ever a bug is found. This is because a white box assessment looks into the internal structure of how an application works.
WityCMS, for instance, is a system made by CreatiWity which assists in managing content for different uses, like personal blogging, business websites, or any other customized systems. In this post, I will walk through the steps of setting up the CMS, finding a web application issue, and processing a CVE for it.
Installation (Windows with XAMPP)
1. Download a copy of the source code (Version 0.6.1).
2. Extract the folder /witycms-0.6.1 from the archive to C:\xampp\htdocs\ or where ever you have installed XAMPP in Windows.
3. Assuming Apache and MySQL are running, visit http://localhost/phpmyadmin/index.php.
4. Click on the "databases" tab.
5. Type in “creatiwity_cms” as the name of the database and click create.
6. You should now able to browse the application by visiting http://localhost/witycms-0.6.1/
7. Fill in data required. Like for “Site name”, I’ve added in “Test”. Click on the Next button.
8. Next comes defining the homepage of the system. You can choose any from the options. For example:
9. Setting up the database is next. From step #5, I have used the database name “creatiwity_cms” so this goes in the database setup.
10. Enter the administrator account details and click “Launch install!” (I have added user “admin” with the password of “admin” here)
11. Once successful, this page should pop up:
Finding a Web Application Security Issue
Since this article is about CVE-2018-11512, I will be limiting the scope of finding web application vulnerabilities to a persistent XSS vulnerability. But first, let’s try to understand what a persistent XSS is.
According to OWASP, “Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted we |
| Envoyé | Oui |
| Condensat | “common “cve “site 1128451 11512 118269 2018 20cve 20guidelines 20id 20request 20v1 able about accurate acknowledged across actually added adds admin/settings/general advisories advisory affected after allows already also always analysis application applications arbitrary are assess assigned associated attack attackers authenticated authorities” because becomes been before being below best board both browsing bug but bypassed called can case changing check cheers cms cna cnas code com com/ com/attachment/850/0/draft com/creatiwity/witycms/commit/7967e5bf15b4d2ee6b85b56e82d7e1229147de44 come command comments communicate company components: computing concept conditions confirm confirmed corporation could craft crafted creatiwity creator credible cross currently cve cves day decided depending description description: detailed details developer device directly disastrous disclosed discoverer: discovering discuss document docx doesn’t doing done down empty enter entering entries entry even example examples execute executing execution exist existing exists exploit exposures exposures” fast field figured file: files fill filter final first fix fixing following: form forward found function general get github good google gotten has have haven’t hearing helps here here here https://vuldb html http https://github hundred identify impact: incident included information inject input instance instructions interesting issue issues it's knowledge leads lenovo lenovo’s libraries like like: list looking lot make managed many means menu miner mitre mitre’s model more must nabble name nandwani nathu new not notice number numbering numbers of: offensive once one only opened opens opportunities other out output page payload pending people persistent pertain phishing php point points possibilities possible post process processing product product: project project’s proof proper provide psirt public publicly questions recursion recursively redirecting reference references referring register registered remote replaced replacing report reported representing request required response result same sanitizing script scripting scripts search security sending sent settings she should show showing shown sides simple simply since site slow source specific steps stored string string: submission submit suggested support sure system tag takes team teams technique test that’s them then these this: through time tips: title” too try trying two type: unauthenticated: under unwanted updates used user using vector: vendor verification version version: visiting visits vuldb vulnerabilities vulnerability wasted web website website's website’s website: http://common when which whole will without witycms witycms’s wmain work works world would wrequest wsession xss yet |
| Tags | Vulnerability Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.