WBCE CMS 1.6.1 Open Redirect + CSRF = CSS KEYLOGGING
#Vulnerability discovery:
I built a CSS keylogger by chaining an open redirect and a CSRF vulnerability. This vulnerability was discovered by me on July 3, 2023.
#Description of the vulnerability:
WBCE is a very user-friendly content management system (CMS). It was forked from WebsiteBaker CMS in 2015 and has been under independent, continuous further development since then.
Normally, open redirect and CSRF are low-severity vulnerabilities. If you combine these vulnerabilities, you get the maximum out of them.
PART-1 (open redirect)
I observed an empty url parameter in the login request. I quickly typed https://google.com and got redirected to google.com.
PART-2 (csrf)
I noticed there is no CSRF token in the above request. Accordingly, CSRF occurs.
PART-3 (uploading)
Users can upload files in this application. Uploading PHP or JS files is forbidden, but the application permits uploading HTML files. I quickly uploaded an HTML file, and this file contains a CSS keylogger.
If you want the HTML content, visit my GitHub account (https://github.com/1mirabbas/WBCE_CMS_1.6.1-Css_Keylogging-2023).
example:
NOTE: Put your own server in the URL section. I use Pipedream (https://public.requestbin.com/r).
#Affected Versions:
This and all previous versions are affected.
#Step by Step Exploitation:
Step 1. Upload the HTML file and get its URL.
Step 2. Then I use this URL in the open redirect vulnerability. My aim is to redirect people to the HTML file.
Step 3. I made a CSRF PoC.
This is my tool (https://github.com/1mirabbas/csrf_poc_generator).
Step 4. Send it to the victim. If the victim clicks and fills in the form, the password will be sent to your server letter by letter.
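A defensive sketch for the chain above, added here and not taken from WBCE: the login handler checks a session-bound CSRF token and follows the url parameter only to site-relative paths under an allowlisted prefix. A same-host check alone would still allow a redirect to an HTML file uploaded to the site, so the allowlist leaves the upload area out; the prefix, fallback, field names and sample paths are assumptions.

```php
<?php
// Added example, not WBCE code. Prefixes, fallback and field names are assumed.
const ALLOWED_PREFIXES = ['/admin/'];   // hypothetical post-login areas
const FALLBACK_TARGET  = '/admin/';     // hypothetical default destination

// Reject login POSTs that do not carry the token stored in the session.
function csrfTokenValid(array $session, array $post): bool
{
    return isset($session['csrf'], $post['csrf'])
        && is_string($session['csrf'])
        && is_string($post['csrf'])
        && hash_equals($session['csrf'], $post['csrf']);
}

// Return a site-relative redirect target, or the fallback if $url is unsafe.
function safeRedirectTarget(string $url): string
{
    // Browsers treat "\" like "/" and drop control characters, so refuse both.
    if ($url === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $url)) {
        return FALLBACK_TARGET;
    }
    $parts = parse_url($url);
    // Anything with a scheme or host (https://..., //host, javascript:) is off-site.
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return FALLBACK_TARGET;
    }
    $path = rawurldecode($parts['path'] ?? '');
    // Dot segments could climb out of an allowed prefix into the upload area.
    if (strpos($path, '..') !== false) {
        return FALLBACK_TARGET;
    }
    foreach (ALLOWED_PREFIXES as $prefix) {
        if (strpos($path, $prefix) === 0) {
            return $parts['path'] . (isset($parts['query']) ? '?' . $parts['query'] : '');
        }
    }
    return FALLBACK_TARGET;
}

// Constructed inputs: external site, scheme-relative URL, uploaded file, valid admin page.
$samples = ['https://google.com', '//example.org/x', '/media/upload.html', '/admin/pages/index.php?id=1'];
foreach ($samples as $u) {
    printf("%-30s => %s\n", $u, safeRedirectTarget($u));
}
```

Serving uploaded HTML with a Content-Disposition: attachment header, or refusing HTML uploads, closes the third part of the chain independently of the login handler.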