ESET TYPO3 CMS HOst Header Vulnerability
Hello ,
fellas it was july when i saw a really good article on a vulnerability which was found in one of the ESET's Subdomain , i don't remember the website name on which the article was. So i thought why not try it out.
So i started finding subdomains of ESET and came Across this domain
"https://<subdomain>eset.com/ " which redirects me to https://<subdomain>.eset.com/int/
#I can't disclose the subdomain name
so now i got this page with following messages
reference :~ https://wiki.typo3.org/
Status: resolved
Reward:~ Swag+Certificate from ESET
Hope you enjoyed reading it.
fellas it was july when i saw a really good article on a vulnerability which was found in one of the ESET's Subdomain , i don't remember the website name on which the article was. So i thought why not try it out.
So i started finding subdomains of ESET and came Across this domain
"https://<subdomain>eset.com/ " which redirects me to https://<subdomain>.eset.com/int/
#I can't disclose the subdomain name
so now i got this page with following messages
so after doing some search i found its running on TYPO3 CMSThe current host header value does not match the configured trusted hosts pattern! Check the pattern defined in $GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'] and adapt it, if you want to allow the current host header '<subdomain>.eset.com' for your installation. at the first line it says"You see this error, because the submitted HTTP host-header does not match the trustedHosts configuration. You may want to adjust the trusted host pattern, which is security mechanism to validate the HTTP host-header and prevent host spoofing."
reference :~ https://wiki.typo3.org/
either this host hasn't been configured properly or has been using olderversion of TYPO3 CMSexplained about the exception that raised on the host
Now i came across the security advisory page
which clearly indicatesVulnerability Type: Host SpoofingProblem Description: Failing to properly validate the HTTP host-header TYPO3 CMS is susceptible to host spoofing. TYPO3 uses the HTTP host-header to generate absolute URLs in several places like 404 handling, http(s) enforcement, password reset links and many more. Since the host header itself is provided by the client it can be forged to any value, even in a name based virtual hosts environment. A blog post describes this problem in great detail.solution~Solution: Update to TYPO3 versions 4.5.34, 4.7.19, 6.0.14, 6.1.9 or 6.2.3 and check or update your web server configuration as described below.
#NotE :~ as my email contains it self a detailed report so i copied most of the part in this article from my email report.
Status: resolved
Reward:~ Swag+Certificate from ESET
Hope you enjoyed reading it.
Kindly share poc i am not able to understand this
ReplyDeleteNaveenzoho1@gmail.com