WebsiteBaker Logo
  • *
  • Templates
  • Help
  • Add-ons
  • Download
  • Home
*
Welcome, Guest. Please login or register.

Login with username, password and session length
 

News

WebsiteBaker 2.13.9 R22 is now available!

R.I.P Dietmar (luisehahne) and thank you for all your valuable work for WB
https://forum.websitebaker.org/index.php/topic,32355.0.html

* Support WebsiteBaker

Your donations will help to:

  • Pay for our dedicated server
  • Pay for domain registration
  • and much more!

You can donate by clicking on the button below.


  • Home
  • Help
  • Search
  • Login
  • Register

  • WebsiteBaker Community Forum »
  • WebsiteBaker Support (2.13.x) »
  • General Help & Support »
  • Security
  • Print
Pages: [1]   Go Down

Author Topic: Security  (Read 5646 times)

Offline markherrmann

  • Posts: 141
Security
« on: August 11, 2022, 09:57:21 AM »
Hi i found that Site in the internet: https://packetstormsecurity.com/files/164215/WebsiteBaker-2.13.0-Remote-Code-Execution.html
That was very intersting, for me and my installations of wsb.

@ALL USER OF WSB - READ IT AND FIX IT
Logged

Offline crnogorac081

  • Posts: 2168
  • Gender: Male
Re: Security
« Reply #1 on: August 11, 2022, 10:18:14 AM »
How to execute this code ? Php or python?
Logged
Web developer

Offline Luisehahne

  • WebsiteBaker Org e.V.
  • **
  • Posts: 4548
  • Gender: Male
Re: Security
« Reply #2 on: August 11, 2022, 03:03:47 PM »
Quote from: crnogorac081 on August 11, 2022, 10:18:14 AM
How to execute this code ? Php or python?

Most of the explits are written in Python

WB 2-13-0 is End of Life long time ago, actuell WB Version is 2.13.2 for php 8.1.x

this remark i read
Quote
# WebsiteBaker Open Source Content Management
# Includes an endpoint that allows remote access
# Language page misconfigured, causing vulnerability
# User information with sufficient permissions is required.
# I had to write a long script to bypass some security measures.

it seems very difficult to execute an exploit

Dietmar
Logged
Note: Once the code has been generated, it is easy to debug. It's not a bug, it's a feature!

Offline crnogorac081

  • Posts: 2168
  • Gender: Male
Re: Security
« Reply #3 on: August 11, 2022, 04:14:49 PM »
So nothing special here, because If you are logged in user with sufficient permission, there are various ways to "hack" wb..
Logged
Web developer
  • Print
Pages: [1]   Go Up
  • WebsiteBaker Community Forum »
  • WebsiteBaker Support (2.13.x) »
  • General Help & Support »
  • Security
 

  • SMF 2.0.19 | SMF © 2017, Simple Machines
  • XHTML
  • RSS
  • WAP2