Menu

Search for hundreds of thousands of exploits

"Craft CMS 2.7.9/3.2.5 - Information Disclosure"

Author

"Mohammed Abdul Raheem"

Platform

php

Release date

2019-09-02

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
# Exploit Title : CraftCms Users information disclosure From uploaded File
# Author [Discovered By] : Mohammed Abdul Raheem
# Author's [Company Name] : TrekShield IT Solution
# Author [Exploit-db] : https://www.exploit-db.com/?author=9783
# Found Vulnerability On : 20-07-2019
# Vendor Homepage:https://craftcms.com/
# Software Information Link: https://github.com/craftcms/demo
# Software Affected Versions : CraftCms v2 before 2.7.10 and CraftCmsv3 before 3.2.6
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type : Sensitive information disclosure
# CVE : CVE-2019-14280
####################################################################

# Description about Software :
***************************
Craft is a flexible, user-friendly CMS for creating custom digital
experiences on the web and beyond.

####################################################################

# Vulnerability Description :
*****************************

When a user uploads an image in CraftCMS, the uploaded image's EXIF
Geolocation Data does not gets stripped. As a result, anyone can get
sensitive information of CraftCMS's users like their Geolocation,
their Device information like Device Name, Version, Software &
Software version used etc.

# Impact :
***********

This vulnerability is CRITICAL and impacts all the craft's customer
base. This vulnerability violates the privacy of a User and shares
sensitive information of the user who uploads an image on CraftCMS.

# Steps To Validate :
*********************

1. Login to CraftCMS account.
2. Go to endpoint https://demo.craftcms.com/<token>/s/admin/assets
3. Upload an image which has EXIF Geolocation Data in it.
4. Once the image is uploaded by CraftCMS and hosted on the server,
download the image file and check the File Properties. You can also
use a tool like to view user's information: https://www.pic2map.com

# ATTACHED POC :
****************

https://youtu.be/s-fTdu8R3bU

# More Information Can be find here :
*************************************

https://github.com/craftcms/cms/blob/develop/CHANGELOG-v3.md#326---2019-07-23

###################################################################

# Discovered By Mohammed Abdul Raheem from TrekShield.com
Release Date Title Type Platform Author
2019-09-14 "College-Management-System 1.2 - Authentication Bypass" webapps php cakes
2019-09-14 "Ticket-Booking 1.4 - Authentication Bypass" webapps php cakes
2019-09-13 "LimeSurvey 3.17.13 - Cross-Site Scripting" webapps php "SEC Consult"
2019-09-13 "phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery" webapps php "Manuel García Cárdenas"
2019-09-13 "Dolibarr ERP-CRM 10.0.1 - 'User-Agent' Cross-Site Scripting" webapps php "Metin Yunus Kandemir"
2019-09-10 "WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting (2)" webapps php MTK
2019-09-10 "WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting" webapps php MTK
2019-09-10 "WordPress Plugin Photo Gallery 1.5.34 - SQL Injection" webapps php MTK
2019-09-10 "October CMS - Upload Protection Bypass Code Execution (Metasploit)" remote php Metasploit
2019-09-09 "Dolibarr ERP-CRM 10.0.1 - SQL Injection" webapps php "Metin Yunus Kandemir"
2019-09-09 "WordPress Plugin Sell Downloads 1.0.86 - Cross-Site Scripting" webapps php "Mr Winst0n"
2019-09-09 "Online Appointment - SQL Injection" webapps php "mohammad zaheri"
2019-09-09 "Dolibarr ERP-CRM 10.0.1 - 'elemid' SQL Injection" webapps php "Metin Yunus Kandemir"
2019-09-09 "WordPress 5.2.3 - Cross-Site Host Modification" webapps php "Todor Donev"
2019-09-06 "Inventory Webapp - 'itemquery' SQL injection" webapps php "mohammad zaheri"
2019-09-04 "WordPress Plugin Download Manager 2.9.93 - Cross-Site Scripting" webapps php MgThuraMoeMyint
2019-09-03 "FileThingie 2.5.7 - Arbitrary File Upload" webapps php cakes
2019-09-02 "Craft CMS 2.7.9/3.2.5 - Information Disclosure" webapps php "Mohammed Abdul Raheem"
2019-09-02 "Wordpress Plugin Event Tickets 4.10.7.1 - CSV Injection" webapps php MTK
2019-09-02 "Opencart 3.x - Cross-Site Scripting" webapps php "Nipun Somani"
2019-08-30 "WordPress Plugin WooCommerce Product Feed 2.2.18 - Cross-Site Scripting" webapps php "Damian Ebelties"
2019-08-30 "YouPHPTube 7.4 - Remote Code Execution" webapps php "Damian Ebelties"
2019-08-30 "DomainMod 4.13 - Cross-Site Scripting" webapps php "Damian Ebelties"
2019-08-30 "Sentrifugo 3.2 - Persistent Cross-Site Scripting" webapps php creosote
2019-08-30 "Sentrifugo 3.2 - File Upload Restriction Bypass" webapps php creosote
2019-08-29 "PilusCart 1.4.1 - Local File Disclosure" webapps php "Damian Ebelties"
2019-08-29 "Jobberbase 2.0 - 'subscribe' SQL Injection" webapps php "Damian Ebelties"
2018-10-31 "WordPress Plugin GoURL.io < 1.4.14 - File Upload" webapps php "Pouya Darabi"
2019-08-28 "Jobberbase 2.0 CMS - 'jobs-in' SQL Injection" webapps php "Naren Jangra"
2019-08-28 "SQLiteManager 1.2.0 / 1.2.4 - Blind SQL Injection" webapps php "Rafael Pedrero"
Release Date Title Type Platform Author
2019-09-02 "Craft CMS 2.7.9/3.2.5 - Information Disclosure" webapps php "Mohammed Abdul Raheem"
2019-02-14 "DomainMOD 4.11.01 - 'category.php CatagoryName_ StakeHolder' Cross-Site Scripting" webapps php "Mohammed Abdul Raheem"
2019-02-14 "DomainMOD 4.11.01 - 'ssl-accounts.php username' Cross-Site Scripting" webapps php "Mohammed Abdul Raheem"
2019-02-14 "DomainMOD 4.11.01 - 'ssl-provider-name' Cross-Site Scripting" webapps php "Mohammed Abdul Raheem"
2018-12-11 "DomainMOD 4.11.01 - Cross-Site Scripting" webapps php "Mohammed Abdul Raheem"
2018-12-09 "DomainMOD 4.11.01 - 'DisplayName' Cross-Site Scripting" webapps php "Mohammed Abdul Raheem"
2018-12-04 "DomainMOD 4.11.01 - Registrar Cross-Site Scripting" webapps php "Mohammed Abdul Raheem"
2018-12-04 "DomainMOD 4.11.01 - Custom SSL Fields Cross-Site Scripting" webapps php "Mohammed Abdul Raheem"
2018-12-04 "DomainMOD 4.11.01 - Custom Domain Fields Cross-Site Scripting" webapps php "Mohammed Abdul Raheem"
2018-12-04 "DomainMOD 4.11.01 - Owner name Field Cross-Site Scripting" webapps php "Mohammed Abdul Raheem"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/47343/?format=json')
                        {"url": "https://www.nmmapper.com/api/exploitdetails/47343/?format=json", "download_file": "https://www.nmmapper.com/st/exploitdetails/47343/41703/craft-cms-279325-information-disclosure/download/", "exploit_id": "47343", "exploit_description": "\"Craft CMS 2.7.9/3.2.5 - Information Disclosure\"", "exploit_date": "2019-09-02", "exploit_author": "\"Mohammed Abdul Raheem\"", "exploit_type": "webapps", "exploit_platform": "php", "exploit_port": null}
                    

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Wig is a web application information gathering tool, which can identify numerous Content Management Systems and other administrative applications including basic vulnerability identification.

Browse exploit APIBrowse