HackDig : Dig high-quality web security articles for hacker

PageKit Open Source CMS Penetration Test

2017-01-31 19:45

Overview

Under the SecureLayer7’s Gratis Pentest Summer 2016, our consultant “Saurabh Banawar” have performed the 2 days penetration testing on the PageKit open source CMS application. Following vulnerabilities Saurabh have found during the penetration testing.

  1. Vertical/Horizontal Authentication Bypass or Password Reset Vulnerability (Critical)  – CVE-2017-5594
  2. Server side information disclosure (Medium)
  3. Misconfiguration Improper use of .htaccess (Low)
  4. Weak Password Policy(Low)
  5. Sensitive Information leakage via referrer header (Low)
  6. Plain text storage of credentials (Low)
  7. SWIFTMAILER Remote Code Execution (Low)  // Low – On the sender input is controlled by the developer or higher level user, so that rated the impact low.

Download Detailed Report : Download

Exploit Code for Password Reset – Download

Commit tag – Github

Download fixed code – Download

 

 

 

The post PageKit Open Source CMS Penetration Test appeared first on SecureLayer7.


Source: /tsetnep-sitarg-6102-tset-noitartenep-syad-2-smc-ecruos-nepo-tikegap/ten.7reyaleruces.golb

“PageKit Open Source CMS Penetration Test”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud