WebsiteBaker Community Forum

WebsiteBaker Support (2.13.x) => General Help & Support => Topic started by: markherrmann on August 11, 2022, 09:57:21 AM

Title: Security
Post by: markherrmann on August 11, 2022, 09:57:21 AM
Hi i found that Site in the internet: https://packetstormsecurity.com/files/164215/WebsiteBaker-2.13.0-Remote-Code-Execution.html
That was very intersting, for me and my installations of wsb.

@ALL USER OF WSB - READ IT AND FIX IT
Title: Re: Security
Post by: crnogorac081 on August 11, 2022, 10:18:14 AM
How to execute this code ? Php or python?
Title: Re: Security
Post by: Luisehahne on August 11, 2022, 03:03:47 PM
How to execute this code ? Php or python?

Most of the explits are written in Python

WB 2-13-0 is End of Life long time ago, actuell WB Version is 2.13.2 for php 8.1.x

this remark i read
Quote
# WebsiteBaker Open Source Content Management
# Includes an endpoint that allows remote access
# Language page misconfigured, causing vulnerability
# User information with sufficient permissions is required.
# I had to write a long script to bypass some security measures.

it seems very difficult to execute an exploit

Dietmar
Title: Re: Security
Post by: crnogorac081 on August 11, 2022, 04:14:49 PM
So nothing special here, because If you are logged in user with sufficient permission, there are various ways to "hack" wb..