WebsiteBaker Logo
  • *
  • Templates
  • Help
  • Add-ons
  • Download
  • Home
*
Welcome, Guest. Please login or register.

Login with username, password and session length
 

News

WebsiteBaker 2.13.6 is now available!

Will it continue with WB? It goes on! | Geht es mit WB weiter? Es geht weiter!
https://forum.websitebaker.org/index.php/topic,32340.msg226702.html#msg226702

The forum email address board@websitebaker.org is working again
https://forum.websitebaker.org/index.php/topic,32358.0.html

R.I.P Dietmar (luisehahne) and thank you for all your valuable work for WB
https://forum.websitebaker.org/index.php/topic,32355.0.html

* Support WebsiteBaker


  • Home
  • Help
  • Search
  • Login
  • Register

  • WebsiteBaker Community Forum »
  • WebsiteBaker Support (2.13.x) »
  • General Help & Support »
  • Security
  • Print
Pages: [1]   Go Down

Author Topic: Security  (Read 4026 times)

Offline markherrmann

  • Posts: 141
Security
« on: August 11, 2022, 09:57:21 AM »
Hi i found that Site in the internet: https://packetstormsecurity.com/files/164215/WebsiteBaker-2.13.0-Remote-Code-Execution.html
That was very intersting, for me and my installations of wsb.

@ALL USER OF WSB - READ IT AND FIX IT
Logged

Offline crnogorac081

  • Posts: 2161
  • Gender: Male
Re: Security
« Reply #1 on: August 11, 2022, 10:18:14 AM »
How to execute this code ? Php or python?
Logged
Web developer

Offline Luisehahne

  • WebsiteBaker Org e.V.
  • **
  • Posts: 4548
  • Gender: Male
Re: Security
« Reply #2 on: August 11, 2022, 03:03:47 PM »
Quote from: crnogorac081 on August 11, 2022, 10:18:14 AM
How to execute this code ? Php or python?

Most of the explits are written in Python

WB 2-13-0 is End of Life long time ago, actuell WB Version is 2.13.2 for php 8.1.x

this remark i read
Quote
# WebsiteBaker Open Source Content Management
# Includes an endpoint that allows remote access
# Language page misconfigured, causing vulnerability
# User information with sufficient permissions is required.
# I had to write a long script to bypass some security measures.

it seems very difficult to execute an exploit

Dietmar
Logged
Note: Once the code has been generated, it is easy to debug. It's not a bug, it's a feature!

Offline crnogorac081

  • Posts: 2161
  • Gender: Male
Re: Security
« Reply #3 on: August 11, 2022, 04:14:49 PM »
So nothing special here, because If you are logged in user with sufficient permission, there are various ways to "hack" wb..
Logged
Web developer
  • Print
Pages: [1]   Go Up
  • WebsiteBaker Community Forum »
  • WebsiteBaker Support (2.13.x) »
  • General Help & Support »
  • Security
 

  • SMF 2.0.19 | SMF © 2017, Simple Machines
  • XHTML
  • RSS
  • WAP2