WolfCMS 0.8.3.1 - Open Redirection

EDB-ID:

44421




Platform:

PHP

Date:

2018-04-09


#######################################
# Exploit Title: WolfCMS 0.8.3.1 Open Redirection Vulnerability
# Google Dork: N/A
# Date: 04-04-2018
#######################################
# Exploit Author: Sureshbabu Narvaneni#
#######################################
# Author Blog : http://nullnews.in
# Vendor Homepage: http://www.wolfcms.org
# Software Link: https://bitbucket.org/wolfcms/wolf-cms-downloads/downloads/wolfcms-0.8.3.1.zip
# Affected Version: 0.8.3.1
# Category: WebApps
# Tested on: Win7 Enterprise x86/Kali Linux 4.12 i686
# CVE : CVE-2018-8813
#
# 1. Vendor Description:
#
# Light-weight, fast, simple and powerful CMS. PHP-based, easily extended CMS. Uses MySQL, SQLite or (from 0.7)
# PostgreSQL for db. Simple drag & drop page hierarchy. Open source, licensed under GPLv3.
#
# 2. Technical Description:
#
# Open redirect vulnerability in the login[redirect] parameter login
functionality in WolfCMS before 0.8.3.1 allows
# remote attackers to redirect users to arbitrary web sites and conduct
phishing attacks via a malformed URL.
#
# 3. Proof Of Concept:
#
#  Navigate to http://[URL]/wolfcms/?/admin/login
#  Enter the credentials and replace login[redirect] to any url.
#  You can see the unvalidated redirect.
#
# 4. Solution:
#
# Upgrade to latest release.
# http://www.wolfcms.org/blog.html
#
# 5. Reference:
# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8813
# https://github.com/wolfcms/wolfcms/issues/670
#####################################