CraftCMS Configuration Disclosure Detection Scanner
This scanner detects the use of CraftCMS with devMode enabled, which allows the exposure of the Yii2 debug toolbar and sensitive application information. It helps to identify misconfigurations that could potentially leak database queries, session data, and other sensitive details to unauthenticated users.
Short Info
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 20 days 11 hours
Scan only one: URL
The scanner targets CraftCMS, a popular content management system that developers use to create bespoke websites and applications. Organizations and individuals across various industries rely on CraftCMS for its flexibility and ease of integration into custom workflows and designs. Web developers, designers, and agencies use it to build websites and manage content efficiently. CraftCMS provides a user-friendly interface, a robust backend, and the ability to extend functionality through plugins, making it suitable for businesses of all sizes.
The detected vulnerability is devMode being inadvertently left enabled on production systems. When devMode is enabled, CraftCMS exposes the Yii2 debug toolbar, which can leak sensitive information about the application. This misconfiguration can reveal database queries, session data, cookies, and stack traces, along with other internal application details. It poses a significant security risk because these details become available to unauthenticated users.
Technically, the Yii2 debug toolbar is exposed through specific CraftCMS endpoints. When devMode is enabled, requests to paths such as "/actions/debug/default/index" and "/actions/debug/default/toolbar" respond with HTTP 200, indicating that debug information is being served. The response headers or body contain phrases such as "Yii Debugger" and "yii-debug-toolbar", which confirm the vulnerability.
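The check described above, written as an added Python example for asset owners auditing their own hosts. It is not the scanner's own code; the function names, the example.test hosts and the sample responses are constructed for illustration.

```python
import urllib.error
import urllib.request

# Paths and markers are the ones named in the text above.
DEBUG_PATHS = ("/actions/debug/default/index", "/actions/debug/default/toolbar")
MARKERS = ("Yii Debugger", "yii-debug-toolbar")

def is_debug_response(status, headers, body):
    """True only for HTTP 200 whose headers or body carry a debug marker."""
    if status != 200:
        return False
    text = body + "\n" + "\n".join(f"{k}: {v}" for k, v in headers.items())
    return any(marker in text for marker in MARKERS)

def http_fetch(url, timeout=10):
    """Live fetcher (assumed helper): returns (status, headers, body)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read(65536).decode("utf-8", "replace")
            return resp.status, dict(resp.headers), body
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers or {}), ""
    except OSError:  # DNS failure, refused connection, timeout
        return 0, {}, ""

def exposed_paths(base_url, fetch=http_fetch):
    """Return the debug paths that answer like the Yii2 debug toolbar."""
    hits = []
    for path in DEBUG_PATHS:
        status, headers, body = fetch(base_url.rstrip("/") + path)
        if is_debug_response(status, headers, body):
            hits.append(path)
    return hits

# Constructed responses for an offline run (not captured from a real site).
SAMPLE = {
    "https://dev.example.test" + DEBUG_PATHS[0]: (200, {}, "<title>Yii Debugger</title>"),
    "https://dev.example.test" + DEBUG_PATHS[1]: (200, {}, '<div id="yii-debug-toolbar">'),
    "https://prod.example.test" + DEBUG_PATHS[0]: (404, {}, "Yii Debugger"),  # wrong status
    "https://prod.example.test" + DEBUG_PATHS[1]: (200, {}, "<h1>Home</h1>"),  # no marker
}

def sample_fetch(url):
    return SAMPLE.get(url, (0, {}, ""))

if __name__ == "__main__":
    for site in ("https://dev.example.test", "https://prod.example.test"):
        print(site, exposed_paths(site, sample_fetch) or "not exposed")
```

A non-empty result for a production host means devMode is still enabled there and should be turned off.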
Exploitation of this vulnerability by malicious actors can lead to severe consequences, including unauthorized access to sensitive information, further attacks such as SQL injection, and compromise of user data. If attackers gain access to session data and CSRF tokens, they could perform privileged actions or impersonate legitimate users, leading to data breaches and system compromise.