Kirby Panel 跨站脚本漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1124418 漏洞类型 跨站脚本
发布时间 2017-11-13 更新时间 2019-08-05
CVE编号 CVE-2017-16807 CNNVD-ID CNNVD-201711-373
漏洞平台 PHP CVSS评分 3.5
|漏洞来源
https://www.exploit-db.com/exploits/43140
https://cxsecurity.com/issue/WLB-2017110083
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201711-373
|漏洞详情
Kirby是一套基于文件的CMS(内容管理系统)系统。Panel是其中的一个控制面板组件。 Kirby Panel 2.3.3之前的版本、2.4.2之前的2.4.x版本和2.5.7之前的2.5.x版本中存在跨站脚本漏洞。远程攻击者可利用该漏洞注入任意的Web脚本或HTML。
|漏洞EXP
# Exploit Title: KirbyCMS <2.5.7 Stored Cross Site Scripting
# Vendor Homepage: https://getkirby.com/
# Software Link: https://getkirby.com/try
# Discovered by: Ishaq Mohammed
# Contact: https://twitter.com/security_prince
# Website: https://about.me/security-prince
# Category: webapps
# Platform: PHP
# CVE: CVE-2017-16807

1. Description
   
A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16807

2. Proof of Concept

Steps to Reproduce:
Log in as an Editor and click on Site Options
Add the malicious .svg file which contains the javascript to the Site
Login to another browser with Admin Credentials.
Click on Site Options.
Click on the newly added .svg file

3. Reference

https://securityprince.blogspot.in/2017/11/cve-2017-16807-kirby-cms-257-cross-site.html   
https://getkirby.com/changelog/kirby-2-5-7

4. Solution

The vulnerability is patched by the vendor in the version 2.5.7.
|参考资料

来源:CONFIRM
链接:https://getkirby.com/changelog/kirby-2-5-7