All you need is a vulnerable Extension and a Wikipage. Once you have found a vulnerable Extension and Wikipage, you can follow the Proof of Concept (PoC) demonstrated below. 1. Install BlueSpiceSocialProfile extension and login to your BlueSpice instance. 2. Click on ‘Add a social profile’ in BlueSpiceSocialProfile extension.
Vulnerability Finding starts here!
3. Choose your social media profile and click on ‘Add Social Profile’.
4. Click on ‘Activate this extension to use this social profile’
5. Click on ‘I agree’ to the Terms of Service (TOS).
6. You should now be logged into your social account for that Extension. In this case, we will login as "BlueSpice" with a link https://www.facebook.com/login
7. Scroll down until you see the smiley face icon near the bottom right corner of the page, then click on it to view Facebook's settings page. 8. Click on 'Edit Settings' under Facebook's information icon in the top-right corner of the page (not shown). 9. You should find an option with a name like 'Login Specifically for my app'. If you find one, change it to something else such as 'Log in to Facebook using my app'. 10. Log out of Facebook, then log back in again with your new login information using the same browser and you should see something similar to what is shown below:
11. Now go back to BlueSpiceSocialProfile extension and click on 'Add a social profile' 12. Choose your newly created Facebook account from the drop down menu 13 - 14 . Click "Activate this extension" 15 . Create a Wikipage with title "CVE-2022-42000". 16 . Copy
Scenario: Finding a Vulnerable Extension and Wikipage
In this scenario, we will find a vulnerable Extension and Wikipage by using the Proof of Concept (PoC) provided below. 1. Install and login to your BlueSpice instance 2. Click on ‘Add a social profile’ in BlueSpiceSocialProfile extension
3. Find Extension with vulnerability “CVE-2022-42000” in its name
4. For example, for extension “BlueSpiceChat”, click on ‘Edit Profile’ and select ‘Contact Info’ option from the drop-down menu
5. Enter anything you want in the ‘First Name:’ field and leave the rest empty (this is not necessary) 6. Press enter twice to proceed to next step 7. Go back to previous step by clicking on the back button 8. Select any option available for your selected Extension 9. Now go back to first step, which should now show you your chosen Extension's Wikipage
10. For example, if you clicked on ‘BlueSpiceChat’ before, you should see wikipedia page 11. If not, repeat steps 4-10 until you find Wikipage with vulnerability CVE-2022-42000
12. You can now follow PoC that was provided at beginning of article!
Timeline
Published on: 11/15/2022 15:15:00 UTC
Last modified on: 11/16/2022 19:42:00 UTC