Kentico 9 - CVE-2017-17736

Odem K asked on May 3, 2018 06:05

Hi,

Currently we are testing the CVE-2017-17736 on web application which is using the Kentico 9 to prove the vulnerability still exits on the current application, we follow the POC(link: https://blog.hivint.com/advisory-access-control-bypass-in-kentico-cms-cve-2017-17736-49e1e43ae55b) and we're stuck at the step 3 which is one click away to finish the starter site. We're concern about whether this will overwrite or replace the current web or not because we don't want to make any changes or harm on the current web as it's in production. So, the question: is it doing this will overwrite or replace the current web application? Please advise.

PS. We are doing this testing in order to prove and request staff to apply fix.

Correct Answer

Brenden Kehren answered on May 3, 2018 06:44

I'd highly recommend NOT performing your POC on a production environment whatsoever! For this copy the code base and database and run your POC. Your clients and your boss will thank you, guaranteed.

2 votesVote for this answer Unmark Correct answer

Recent Answers

Andrew Radburnd answered on May 3, 2018 10:54

Hey Odem,

I worked with Jeff from Hivint on the cve.

The steps in the PoC won't overwrite the site or add a new site, but I would refer to Brendens comments and not do it on your production site just incase.

The fact you are getting past Step 1, i believe is proof enough that you are vulnerable to the CVE, the rest of the steps just show how much.

Cheers,

Andrew

1 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.