Advisory assigned CVE-2018-7308 | CSRF Exploit in Shared Hosting CMS that leads to remote takeover - Development Security Downloads Education | Andmp


Thursday, 22 February 2018

Advisory assigned CVE-2018-7308 | CSRF Exploit in Shared Hosting CMS that leads to remote takeover

Discoverer/Credits - Arif Khan

Affected Software - DanWin Hosting CMS

CVE Assigned - CVE-2018-7308

Technical Details and Mitigation -

A CSRF issue was found in DanWin Hosting CMS that is used to offer shared hosting solutions for Tor Anonymity Services.

A successful attack could de-anonymise the hosting operator and its users.

User actions in the web-user FTP file manager in var/www/html/files.php, such as deleting, adding or modifying files and directories in a hosting account, are not protected against CSRF and are therefore susceptible to request forgery by any attacker.

You are advised to add a PHP script that verifies each user action before it is performed and so prevents CSRF.
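One way to implement such a check is a small include that binds a random token to the user's session and refuses any state-changing request that does not carry it. This is an added example written for this advisory, not DanWin's code; the file name csrf.php, the session key and the `action` parameter are assumptions.

```php
<?php
// csrf.php: drop-in anti-CSRF guard (added example, not DanWin's code).
// Include it at the top of files.php before any state-changing action runs.

declare(strict_types=1);

const CSRF_KEY = 'csrf_token';   // session/form field name; an assumption

// Return the per-session token, creating it on first use.
function csrf_token(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION[CSRF_KEY])) {
        // 32 random bytes -> 64 hex chars; a third-party site cannot read it
        $_SESSION[CSRF_KEY] = bin2hex(random_bytes(32));
    }
    return $_SESSION[CSRF_KEY];
}

// Hidden field to place inside every <form method="post"> in the file manager.
function csrf_field(): string
{
    return '<input type="hidden" name="' . CSRF_KEY . '" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Abort the request unless it carries the token tied to this session.
// A cross-site form post cannot include the victim's token, so it fails here.
function csrf_verify(): void
{
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        // delete/add/modify must never happen on GET (e.g. via an <img> tag)
        http_response_code(405);
        exit('State-changing actions must use POST');
    }
    $sent = $_POST[CSRF_KEY] ?? '';
    // hash_equals() compares in constant time, avoiding timing leaks
    if (!is_string($sent) || !hash_equals(csrf_token(), $sent)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
}

// Usage in files.php (hypothetical action parameter), before acting:
//   require_once __DIR__ . '/csrf.php';
//   if (isset($_POST['action'])) { csrf_verify(); /* delete/upload/rename */ }
// and inside every form: echo csrf_field();
```

Setting the session cookie with `SameSite=Lax` or `Strict` adds a second, independent layer, but the token check above does not depend on it.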

The vendor has confirmed the vulnerability and is working towards a fix.
Any updates will be posted on this blog.
