Resolved Bug


This bug has been marked as resolved.

WARNING v5.4.1.1 XSS/Remote Code Execution Exploit!

There is a security hole!

plz close it!

more here: http://www.exploit-db.com/exploits/15915/...


Status: Resolved
Mnkras replied:
Nice catch,

it's because the ccm-token is not passed when creating a scrapbook, I believe
Mnkras replied (Best Answer):
In the meantime, to make it slightly harder,

put this in your /config/site.php:

define('SESSION', 'CONCRETE5');

and change CONCRETE5 to whatever you want.
Note: everyone's session will be lost, so they have to sign in again.
neoasix replied:
ok thx. hope it will be harder in next update :>
Mnkras replied:
The entire exploit counts on the user being able to hijack an admin's cookies, as long as you don't log in on insecure networks
andrew replied:
Fixed in GitHub by incorporating the validation token into scrapbook functionality. Thanks mnkras.
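The kind of check the fix above describes, as an added example that is not taken from this thread or from concrete5's code: a state-changing "create scrapbook" handler that refuses any request lacking a valid, action-scoped token. The function names, the `ccm_token` and `scrapbookName` request fields and the HMAC token format are assumptions made for illustration.

```php
<?php
// Added illustration, not concrete5 code: function names, field names and
// the token format are hypothetical.

// Derive a token bound to a per-session secret, the action name and an issue time.
function token_generate(string $secret, string $action, ?int $now = null): string {
    $now = $now ?? time();
    return $now . ':' . hash_hmac('sha256', $action . ':' . $now, $secret);
}

// Accept a token only if it is well formed, unexpired and its MAC matches this action.
function token_validate(string $secret, string $action, $token, int $maxAge = 3600, ?int $now = null): bool {
    $now = $now ?? time();
    if (!is_string($token) || !preg_match('/^(\d{1,12}):([0-9a-f]{64})$/', $token, $m)) {
        return false;
    }
    $issued = (int) $m[1];
    if ($issued > $now || $now - $issued > $maxAge) {
        return false;
    }
    $expected = hash_hmac('sha256', $action . ':' . $issued, $secret);
    return hash_equals($expected, $m[2]); // constant-time comparison
}

// State-changing handler: creates nothing unless the token check passes first.
function create_scrapbook(array $request, string $secret, array &$scrapbooks): string {
    if (!token_validate($secret, 'create_scrapbook', $request['ccm_token'] ?? null)) {
        return '403 invalid token';
    }
    $name = trim((string) ($request['scrapbookName'] ?? ''));
    // Reject names outside a conservative character set.
    if (!preg_match('/^[\w \-]{1,64}$/', $name)) {
        return '400 invalid name';
    }
    $scrapbooks[] = $name;
    return '200 created';
}

// Constructed demo requests: no token, a token issued for another action, a valid token.
$secret = bin2hex(random_bytes(32)); // would live in the admin's server-side session
$scrapbooks = [];
$noToken = ['scrapbookName' => 'Injected'];
$wrongAction = ['scrapbookName' => 'Injected', 'ccm_token' => token_generate($secret, 'delete_block')];
$legit = ['scrapbookName' => 'Sidebar', 'ccm_token' => token_generate($secret, 'create_scrapbook')];
foreach ([$noToken, $wrongAction, $legit] as $req) {
    echo create_scrapbook($req, $secret, $scrapbooks), PHP_EOL;
}
echo 'stored: ', implode(',', $scrapbooks), PHP_EOL;
```

Because the token is derived from a secret held only in the server-side session, a request that merely rides on the admin's cookie cannot supply it, and scoping the MAC to the action name stops a token issued for one form from being replayed against another.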

concrete5 Environment Information

5.4.1.1
Webserver Apache

Browser User-Agent String

Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b9) Gecko/20100101 Firefox/4.0b9