lavalite/cms

vulnerability lack of rate limiting
severity 3.7
language php
registry packagist

Description

I encountered a rate-limiting issue in the login page of the LavaLite/CMS repo while performing recon to find the CMS XSS bug that is among the bugs to be fixed on the huntr platform. Lavalite/CMS is an open-source Content Management System built with the Laravel framework.

POC

  1. Clone and set up Lavalite/CMS, or just test against the CMS demo website.

  2. A successful request will look like this.

  3. I used Burp Intruder with 1 thread in Burp Suite Community Edition to test for rate limiting on the password field.

  4. Rate limiting was never triggered; for wrong passwords the Lavalite/CMS login simply redirects back to the login page. See references.

Intruder setups:
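The fix a Laravel application would normally apply is shown below as an added example; it is not Lavalite's own code and does not reflect how the project actually wired its login. It assumes Laravel 8 or later, a `routes/web.php` style route file, and that the named limiter is registered in a service provider's `boot()` (for example `App\Providers\RouteServiceProvider`). The unthrottled route reproduces the behaviour in the POC (every wrong password just redirects back to the form); the second route is the same login guarded by the framework's `throttle` middleware.

```php
<?php
// Added example, not Lavalite/CMS code. Assumes Laravel 8+; the route paths,
// field names and the limiter name 'login' are illustrative choices.

use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\Facades\Route;

// --- In a service provider's boot(): define a named limiter for the login form.
// Keying on the submitted identifier AND the client IP means one source cannot
// burn through passwords for a single account, and a single IP cannot spray
// many accounts, while users behind a shared NAT are not locked out by each other.
RateLimiter::for('login', function (Request $request) {
    $key = strtolower((string) $request->input('email')) . '|' . $request->ip();

    return Limit::perMinute(5)->by($key)->response(function (Request $request, array $headers) {
        // Explicit 429 with the framework's Retry-After / X-RateLimit-* headers,
        // instead of silently redirecting back to the form like a wrong password.
        return response('Too many login attempts. Please try again later.', 429, $headers);
    });
});

// --- Vulnerable form (what the report observes): unlimited POSTs, and every
// wrong password is answered with a redirect back to /login. Burp Intruder
// can iterate a wordlist against this indefinitely.
Route::post('/login-unthrottled', function (Request $request) {
    if (Auth::attempt($request->only('email', 'password'))) {
        return redirect()->intended('/');
    }

    return redirect('/login')->withErrors(['email' => 'Invalid credentials.']);
});

// --- Hardened form: 'throttle:login' enforces the limiter above before the
// route body runs, so the 6th attempt for the same email+IP inside one minute
// receives 429 and never reaches Auth::attempt().
Route::post('/login', function (Request $request) {
    $credentials = $request->validate([
        'email'    => ['required', 'email'],
        'password' => ['required'],
    ]);

    if (Auth::attempt($credentials)) {
        // Rotate the session id on login to prevent session fixation.
        $request->session()->regenerate();

        return redirect()->intended('/');
    }

    return back()->withErrors(['email' => 'Invalid credentials.']);
})->middleware('throttle:login');
```

To verify the fix, repeat the Intruder run from the POC against the throttled route: the first five responses for a given email and source IP are the usual redirect, and every further request within the window is a `429` carrying a `Retry-After` header. Also decide how the limit interacts with any account lockout the CMS implements, since a throttle keyed on the email alone lets an attacker lock a victim out, which is why the key above includes the client IP.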