Advisory assigned CVE-2018-7308 | CSRF Exploit in Shared Hosting CMS that leads to remote takeover - Download Analysis Tips Tricks | Andmp

Thursday, 22 February 2018

Advisory assigned CVE-2018-7308 | CSRF Exploit in Shared Hosting CMS that leads to remote takeover

Discoverer/Credits - Arif Khan

Affected Software - DanWin Hosting CMS

CVE Assigned - CVE-2017-7308

Technical Details and Mitigation -

A CSRF issue was found in DanWin Hosting CMS, which is used to offer shared hosting for Tor anonymity services.

Successful exploitation could de-anonymise the hosting operator and its users.

User actions in the web-user FTP file manager (var/www/html/files.php), such as deleting, adding or modifying files and directories in a hosting account, are not protected against CSRF and can therefore be triggered by a forged request from any attacker.

You are advised to add a PHP check that verifies each user action before it is carried out, as a prevention against CSRF.
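As an added example (not code from DanWin Hosting CMS or from this advisory), here is the usual form such a check takes in PHP: a per-session synchronizer token that every state-changing form carries and that the handler verifies before acting. The action name, the form and the structure of files.php are assumptions, since the CMS source is not shown here.

```php
<?php
// Added example (not DanWin's code): synchronizer-token CSRF protection
// for a PHP file-manager endpoint like the files.php described above.
// Assumed: PHP >= 7, sessions available, actions submitted via POST.

session_start();

// Return the per-session anti-CSRF token, creating it on first use.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Abort unless the request is a POST carrying the session's token.
// hash_equals() compares in constant time; the method check stops
// a plain GET link from performing a state-changing action.
function csrf_verify(): void {
    $sent = $_POST['csrf_token'] ?? '';
    if ($_SERVER['REQUEST_METHOD'] !== 'POST'
        || !is_string($sent)
        || !hash_equals(csrf_token(), $sent)) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token');
    }
}

// Hidden field to embed in every form that performs an action.
function csrf_field(): string {
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Hypothetical action handler: verify before any state change.
if (isset($_POST['action'])) {
    csrf_verify();
    if ($_POST['action'] === 'delete') {
        // ... delete the named file, after confining the path to the
        //     account's own directory (not shown here)
    }
}
?>
<form method="post" action="files.php">
    <?= csrf_field() ?>
    <input type="hidden" name="action" value="delete">
    <input type="text" name="path" placeholder="file to delete">
    <button type="submit">Delete</button>
</form>
```

Because the token lives in the server-side session and is never sent to other origins, a page on another site cannot build a request that passes csrf_verify().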

The vendor has confirmed the vulnerability and is working on a fix. Any updates will be posted on this blog.