#######################################
# Exploit Title: WolfCMS 0.8.3.1 Open Redirection Vulnerability
# Google Dork: N/A
# Date: 04-04-2018
#######################################
# Exploit Author: Sureshbabu Narvaneni
#######################################
# Author Blog : http://nullnews.in
# Vendor Homepage: http://www.wolfcms.org
# Software Link: https://bitbucket.org/wolfcms/wolf-cms-downloads/downloads/wolfcms-0.8.3.1.zip
# Affected Version: 0.8.3.1
# Category: WebApps
# Tested on: Win7 Enterprise x86/Kali Linux 4.12 i686
# CVE : CVE-2018-8813
#
# 1. Vendor Description:
#
# Light-weight, fast, simple and powerful CMS. PHP-based, easily extended CMS. Uses MySQL, SQLite or (from 0.7)
# PostgreSQL for db. Simple drag & drop page hierarchy. Open source, licensed under GPLv3.
#
# 2. Technical Description:
#
# Open redirect vulnerability in the login[redirect] parameter of the login functionality in WolfCMS before 0.8.3.1
# allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL.
#
# 3. Proof Of Concept:
#
# Navigate to http://[URL]/wolfcms/?/admin/login
# Enter the credentials and replace the login[redirect] value with any URL.
# You can see the unvalidated redirect.
#
# 4. Solution:
#
# Upgrade to latest release.
# http://www.wolfcms.org/blog.html
#
# 5. Reference:
# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8813
# https://github.com/wolfcms/wolfcms/issues/670
#####################################
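The root cause described above is a login handler that copies the login[redirect] value into a Location header without checking it. The block below is an added example, written in Python rather than the CMS's own PHP and not taken from WolfCMS or from the linked fix, showing the allow-list check a post-login handler can apply: only absolute same-site paths are accepted, and anything carrying a scheme or host (including protocol-relative `//host`, backslash and multi-slash variants that browsers reinterpret as a host) falls back to a fixed landing page. The `/admin/` default, the `login_response` stand-in and the sample inputs are constructed for the example.

```python
"""
Allow-list validation for a post-login redirect parameter.

Added example, not WolfCMS code: it shows the check a login handler can
apply to a user-supplied target such as login[redirect] before placing
it in a Location header. The default landing page, the login_response
stand-in and the sample inputs are constructed for this example.
"""
from urllib.parse import urlsplit, urlunsplit

DEFAULT_TARGET = "/admin/"          # hypothetical post-login landing page
REDIRECT_FIELD = "login[redirect]"  # parameter named in the advisory


def safe_redirect_target(raw, default=DEFAULT_TARGET):
    """Return a same-site, path-only redirect target, or `default`.

    Only absolute paths ("/foo?x=1#y") are accepted. Anything that
    carries a scheme or host (http://..., //host, javascript:...) or
    that a browser could reinterpret as one (backslashes, control
    characters, leading multi-slash runs) falls back to the default.
    """
    if raw is None:
        return default
    raw = raw.strip()
    if not raw or any(ord(c) < 0x20 or c == "\x7f" for c in raw):
        return default
    # Browsers treat "\" like "/" in http(s) URLs, so "/\evil.example"
    # would become a host reference; reject it before parsing.
    if "\\" in raw:
        return default
    try:
        parts = urlsplit(raw)
    except ValueError:          # e.g. malformed IPv6 literal such as "//["
        return default
    # Any scheme or network location means an absolute or
    # protocol-relative URL, which is exactly what must not be echoed.
    if parts.scheme or parts.netloc:
        return default
    # urlsplit leaves "////x" with an empty netloc and path "//x";
    # browsers would read that as host "x", so refuse it too.
    if not parts.path.startswith("/") or parts.path.startswith("//"):
        return default
    # Re-emit from the parsed components rather than echoing `raw`, so the
    # header contains exactly a path, query and fragment and nothing else.
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))


def login_response(form):
    """Stand-in for the step after credentials have been verified: build
    the redirect headers from the validated target, never from the raw
    form value."""
    target = safe_redirect_target(form.get(REDIRECT_FIELD))
    return {"Status": "302 Found", "Location": target}


# Constructed inputs covering the cases a reviewer would want to see.
SAMPLES = [
    "/admin/pages",
    "/admin/pages?tab=2#top",
    "//evil.example/",
    "http://evil.example/",
    "javascript:alert(1)",
    "/\\evil.example",
    "////evil.example",
    "///evil.example",
    "/a\tb",
    "admin/pages",
    "",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:26} -> {safe_redirect_target(s)!r}")
```

Two details carry most of the weight: the value written to the header is rebuilt from the parsed path, query and fragment instead of being passed through, and the check rejects on scheme *or* netloc rather than only looking for `http`. A rejected value is also worth logging server-side, since a login[redirect] pointing off-site is a direct signal of someone probing this parameter.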