Craft CMS Log File Exposure Detection Scanner

Craft CMS is a content management system used by developers and designers to create customized websites. It offers a flexible, user-friendly interface and is widely utilized by businesses, freelancers, and agencies. The platform is designed for building complex content structures and is popular for its modular architecture. Craft CMS is used by various sectors ranging from e-commerce to education, offering developers complete control over HTML and design. It supports a robust plugin architecture, allowing for extensive customization and third-party integrations. The software is designed to manage content efficiently, ensuring ease of use for content editors and administrators.

The vulnerability detected in Craft CMS involves log file exposure due to misconfiguration. Misconfigured settings can lead to unrestricted access to sensitive log files, potentially revealing error messages, database interactions, and user sessions. Such an exposure can provide attackers with insight into system operations and weaknesses. The disclosed logs might contain valuable information that can assist in further attacks or unauthorized access. This specific vulnerability could be exploited remotely, without requiring authentication. The exposure of internal logs poses a significant security risk by divulging intricate details about the system's operation and handling.

The technical details of this vulnerability involve exposed log files, typically located at '/storage/logs/web.log' within Craft CMS installations. These logs can be accessed via HTTP GET requests if the server is misconfigured to allow public access. The logs contain system-generated entries such as errors, stack traces, and possibly sensitive data like session IDs and database queries. The issue is compounded by the presence of specific indicators within the log content, such as the terms 'craft_cms', 'UrlManager', and 'schemaVersion', which suggest the log pertains to Craft CMS operations. A status code of '200' in the HTTP response confirms successful log access.

When exploited, this vulnerability can allow unauthorized individuals to gain insights into the internal workings of a system. Information such as error logs and stack traces could be used to identify other security weaknesses. If credentials or session data are exposed, it could lead to account compromise or unauthorized access to the system. The potential for information leakage could also facilitate social engineering attacks. Additionally, attackers might use this information to craft more sophisticated attacks tailored to the specific weaknesses of the system. Exposure of log files thereby increases the risk of data breaches and service disruption.

REFERENCES

• https://craftcms.com/docs/5.x/system/logging.html
• https://craftcms.com/knowledge-base/locating-error-logs-and-database-backups
• https://github.com/craftcms/cms/issues/3619