Tag Archives: PHP Code

CVE-2014-4135 – phpwind v8.7 XSS (Cross-site Scripting) Web Security Vulnerabilities

03 Monday Aug 2015

Posted by in CVE, XSS Attack

Leave a comment

Tags

, , , , , , , , ,

phpwind_xss1

 

CVE-2014-4135 – phpwind v8.7 XSS (Cross-site Scripting) Web Security Vulnerabilities

 

Exploit Title: phpwind v8.7 goto.php? &url Parameter XSS Security Vulnerabilities

Product: phpwind

Vendor: phpwind

Vulnerable Versions: v8.7

Tested Version: v8.7

Advisory Publication: May 25, 2015

Latest Update: May 25, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-4135

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Writer and Reporter: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

 

 

 

Caution Details:

 

(1) Vendor & Product Description:

Vendor:

phpwind

 

Product & Vulnerable Versions:

phpwind

v8.7

 

Vendor URL & Download:

Product can be obtained from here,

http://www.phpwind.net/thread/166

 

Product Introduction Overview:

“phpwind (abbreviation: pw) is a program based on PHP and MySQL open source community, and is one of the most popular general-Forum. phpwind ofstar first version was released in 2004. As of December 2013 phpwind brand items calculated by Ali cloud Co., Ltd. has, fully free open source software. Now accumulated more than one million websites use phpwind products, of which nearly 100,000 active website. Since the 2011 release PHPWind8.x series version, phpwind enhance community around the content value and promote community e-commerce two general direction of the development of multi-mode single-core products and achieve new forms of community. 2012 preparations for the release of phpwind9.0 will use self-developed Windframework phpwind framework and integrated computing architecture and so on Ali community cloud platform application center will provide a variety of solutions for future communities.

Today, the country’s 200,000 worth of small sites, there are nearly 100,000 community site uses phpwind, has accumulated more than one million sites use phpwind, there are 1,000 new sites every day use phpwind. These community sites covering 52 types of trades every day one million people gathered in phpwind build community, issued 50 million new information, visit more than one billion pages.

National Day PV30 million or more in 1000 about a large community, there are more than 500 sites selected phpwind station software provided, including by scouring link Amoy satisfaction, a daily e-commerce and marketing groups, and other on-line product vigorously increase in revenue for the site. Excellent partners, such as Xiamen fish, of Long Lane, Erquan network, Kunshan forum, the North Sea 360, Huizhou West Lake, Huashang like.”

 

 

 

(2) Vulnerability Details:

phpwind web application has a computer cyber security bug problem. It can be exploited by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.

Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. phpwind has patched some of them. CXSECurity is a huge collection of information on data communications safety. Its main objective is to inform about errors in various applications. It also publishes suggestions, advisories, solutions details related to XSS vulnerabilities and cyber intelligence recommendations.

 

(2.1) The first programming code flaw occurs at “&url” parameter in “/goto.php?” page.

 

 

 

 

 

References:
http://www.tetraph.com/security/xss-vulnerability/phpwind-v8-7-xss/
http://www.inzeed.com/kaleidoscope/computer-security/phpwind-v8-7-xss/
https://webtechwire.wordpress.com/2015/05/24/phpwind-v8-7-xss/
http://securityrelated.blogspot.com/2015/05/phpwind-v87-xss.html
https://www.facebook.com/permalink.php?story_fbid=939922519396264&id=874373602617823
https://itswift.wordpress.com/2015/05/24/phpwind-v8-7-xss/
https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01904.html
http://whitehatpost.blog.163.com/blog/static/24223205420154248491580/
http://cxsecurity.com/issue/WLB-2015040033
http://seclists.org/fulldisclosure/2015/Apr/38

 

Advertisements

CVE-2014-9468 InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities

13 Wednesday May 2015

Posted by in Computer Security, CVE, XSS Attack

Leave a comment

Tags

, , , , , , , , , , , , , , , , , , , , , , ,

data-binary

CVE-2014-9468 InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities

 

Exploit Title: InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities

Product: InstantForum.NET

Vendor: InstantASP

Vulnerable Versions: v4.1.3 v4.1.1 v4.1.2 v4.0.0 v4.1.0 v3.4.0

Tested Version: v4.1.3 v4.1.1 v4.1.2

Advisory Publication: February 18, 2015

Latest Update: April 05, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-9468

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Discover and Reporter: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

 

 

Preposition Details:

 

(1) Vendor & Product Description:

 

Vendor:

InstantASP


Product & Version:

InstantForum.NET

v4.1.3 v4.1.1 v4.1.2 v4.0.0 v4.1.0 v3.4.0

 

 

Vendor URL & Download:

InstantForum.NET can be purchased from here,

http://docs.instantasp.co.uk/InstantForum/default.html?page=v413tov414guide.html

 

 

Product Introduction Overview:

“InstantForum.NET is a feature rich, ultra high performance ASP.NET & SQL Server discussion forum solution designed to meet the needs of the most demanding online communities or internal collaboration environments. Now in the forth generation, InstantForum.NET has been completely rewritten from the ground-up over several months to introduce some truly unique features & performance enhancements.”


“The new administrator control panel now offers the most comprehensive control panel available for any ASP.NET based forum today. Advanced security features such as role based permissions and our unique Permission Sets feature provides unparalleled configurable control over the content and features that are available to your users within the forum. Moderators can easily be assigned to specific forums with dedicated moderator privileges for each forum. Bulk moderation options ensure even the busiest forums can be managed effectively by your moderators.”


“The forums template driven skinning architecture offers complete customization support. Each skin can be customized to support a completely unique layout or visual appearance. A single central style sheet controls every aspect of a skins appearance. The use of unique HTML wrappers and ASP.NET 1.1 master pages ensures page designers can easily integrate an existing design around the forum. Skins, wrappers & master page templates can be applied globally to all forums or to any specific forum.”

 

 

(2) Vulnerability Details:

InstantForum.NET web application has a cyber security bug problem. It can be exploited by stored XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.

Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. InstantForum has patched some of them. BugScan is the first community-based scanner, experienced five code refactoring. It has redefined the concept of the scanner provides sources for the latest info-sec news, tools, and advisories. It also publishs suggestions, advisories, cyber intelligence, attack defense and solutions details related to important vulnerabilities.

 

(2.1) The first programming code flaw occurs at “&SessionID” parameter in “Join.aspx?” page.


(2.2) The second programming code flaw occurs at “&SessionID” parameter in “Logon.aspx?” page.

 

 

 

References:

https://tetraph.wordpress.com/2015/05/13/cve-2014-9468/

http://whitehatview.tumblr.com/post/118853357881/tetraph-cve-2014-9468-instantasp

 

 

 

 

CVE-2014-9469 vBulletin XSS (Cross-Site Scripting) Web Security Vulnerabilities

12 Tuesday May 2015

Posted by in CVE, XSS Attack

Leave a comment

Tags

, , , , , , , , , , , , , , , , , , , ,

iphone-ipad-mini-ipad

 

CVE-2014-9469  vBulletin XSS (Cross-Site Scripting) Web Security Vulnerabilities

 

Exploit Title: vBulletin XSS (Cross-Site Scripting) Web Security Vulnerabilities
Product: vBulletin Forum
Vendor:vBulletin
Vulnerable Versions: 5.1.3   5.0.5   4.2.2   3.8.7   3.6.7   3.6.0   3.5.4
Tested Version:5.1.3 4.2.2
Advisory Publication: February 12, 2015
Latest Update:February 26, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-9469
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification
Writer and Creditor: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)
 
 
 

Preposition Details:
(1) Vendor & Product Description:
Vendor:
vBulletin
 

Product & Version: 
vBulletin Forum
5.1.3   5.0.5   4.2.2   3.8.7   3.6.7   3.6.0   3.5.4
 

Vendor URL & Download: 
vBulletin can be acquired from here,

 

Product Introduction Overview:
“vBulletin (vB) is a proprietary Internet forum software package developed by vBulletin Solutions, Inc., a division of Internet Brands. It is written in PHP and uses a MySQL database server.”
Since the initial release of the vBulletin forum product in 2000, there have been many changes and improvements. Below is a list of the major revisions and some of the changes they introduced. The current production version is 3.8.7, 4.2.2, and 5.1.3.
Simplified site set up and customization
The new Site Builder makes it easier than ever to build and manage a site. Customizable page templates, drag-and-drop configuration and in-line site editing simplify page layout. A variety of design themes can be easily selected.
Dynamic tools for content discovery
Customizable content modules provide enhanced content discovery, engaging users into deeper site visits. The vBulletin search has been re-architected to significantly improve the quality of its results, further facilitating content discovery.
Sleek new UI features activity stream and increased social engagement
Improved social functionality includes groups, new user profiles, comments functionality, an integrated messaging hub, social content curation, real-time updates and more.
Expanded photo and video capabilities
The new interface invites users to quickly post photos and video, expanding content on vBulletin sites. This media is then leveraged by being better integrated with the rest of a site’s content. User profiles provide an engaging aggregation of all media posted by them.
Category-leading mobile optimization
The integrated mobile-optimized version ensures smartphone visitors will stay longer and return.
Robust architecture
Improved architecture provides better performance and easier customization
Built-in SEO helps maximize search traffic
Easy-to-use upgrader tool available for vBulletin 3 and 4 sites, plus importer for sites on other forum software”

 
 
 

(2) Vulnerability Details:
vBulletin web application has a computer security bug problem. It can be exploited by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.
Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. vBulletion has patched some of them. Gmane (pronounced “mane”) is an e-mail to news gateway. It allows users to access electronic mailing lists as if they were Usenet newsgroups, and also through a variety of web interfaces. Gmane is an archive; it never expires messages (unless explicitly requested by users). Gmane also supports importing list postings made prior to a list’s inclusion on the service. It has published suggestions, advisories, solutions related to important vulnerabilities.
 

(2.1) The programming code flaw occurs at “forum/help” page. Add “hash symbol” first. Then add script at the end of it.
 
 
 
 
 
 
Related Work:

CVE-2015-1475 – My Little Forum Multiple XSS Web Security Vulnerabilities

11 Monday May 2015

Posted by in CVE, XSS Attack

Leave a comment

Tags

, , , , , , , , , , , , , , , , , , , , ,

 shutterstock_22320859
 

CVE-2015-1475  – My Little Forum Multiple XSS Web Security Vulnerabilities

Exploit Title: My Little Forum Multiple XSS Web Security Vulnerabilities

Vendor: My Little Forum

Product: My Little Forum

Vulnerable Versions: 2.3.3  2.2  1.7

Tested Version: 2.3.3  2.2  1.7

Advisory Publication: February 04, 2015

Latest Update: February 11, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2015-1475

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Credit: Wang Jing [School of Mathematical Sciences (001), University of Science and Technology of China (USTC)] (@justqdjing)

 
 
 

Recommendation Details:


(1) Vendor & Product Description


Vendor:

My Little Forum

Product & Version:

My Little Forum

2.3.3

2.2

1.7

Vendor URL & Download:

Product Description:

“my little forum is a simple PHP and MySQL based internet forum that displays the messages in classical threaded view (tree structure). It is Open Source licensed under the GNU General Public License. The main claim of this web forum is simplicity. Furthermore it should be easy to install and run on a standard server configuration with PHP and MySQL.


Features

Usenet like threaded tree structure of the messages

Different views of the threads possible (classical, table, folded)

Categories and tags

BB codes and smilies

Image upload

Avatars

RSS Feeds

Template engine (Smarty)

Different methods of spam protection (can be combined: graphical/mathematical CAPTCHA, wordfilter, IP filter, Akismet, Bad-Behavior)

Localization: language files, time zone and UTF-8 support (see current version for already available languages)”

 
 

(2) Vulnerability Details:

My Little Forum  web application has a computer security bug problem. It can be exploited by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.

Several similar products vulnerabilities have been found by some other bug hunter researchers before. My Little Forum has patched some of them. The MITRE Corporation is a not-for-profit company that operates multiple federally funded research and development centers (FFRDCs), which provide innovative, practical solutions for some of our nation’s most critical challenges in defense and intelligence, aviation, civil systems, homeland security, the judiciary, healthcare, and cybersecurity. It has published suggestions, advisories, solutions details related to XSS vulnerabilities.

(2.1) The first programming code flaw occurs at “forum.php?” page with “&page”, “&category” parameters.

(2.2) The second programming code flaw occurs at “board_entry.php?” page with “&page”, “&order” parameters.

(2.3) The third programming code flaw occurs at  “forum_entry.php” page with “&order”, “&page” parameters.

 
 
 
 

References:

http://tetraph.com/security/xss-vulnerability/my-little-forum-multiple-xss-security-vulnerabilities/

http://securityrelated.blogspot.com/2015/02/my-little-forum-multiple-xss-security.html

http://seclists.org/fulldisclosure/2015/Feb/15

https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01652.html

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1553

http://packetstormsecurity.com/files/authors/11270

http://marc.info/?a=139222176300014&r=1&w=4

http://lists.openwall.net/full-disclosure/2015/02/03/2

http://essaybeans.blogspot.com/2015/05/cve-2015-1475-my-little-forum-multiple.html

http://www.osvdb.org/creditees/12822-wang-jing

https://infoswift.wordpress.com/2015/05/12/cve-2015-1475-my-little-forum-multiple-xss-web-security-vulnerabilities/

https://twitter.com/tetraphibious/status/597971919892185088

http://japanbroad.blogspot.jp/2015/05/cve-2015-1475-my-little-forum-multiple.html

https://www.facebook.com/tetraph/posts/1649600031926623

http://user.qzone.qq.com/2519094351/blog/1431403836

https://www.facebook.com/permalink.php?story_fbid=460795864075109&id=405943696226993

https://plus.google.com/+wangfeiblackcookie/posts/Sj63XDPhH1j

http://essayjeans.blog.163.com/blog/static/2371730742015412037547/#

http://whitehatpost.lofter.com/post/1cc773c8_6ed5839

http://whitehatview.tumblr.com/post/118754859716/cve-2015-1475-my-little-forum-multiple-xss-web

 

CVE-2015-2214 – NetCat CMS Full Path Disclosure (Information Disclosure) Web Security Vulnerabilities

11 Saturday Apr 2015

Posted by in CVE, FPD, Information Leakage Attack

Leave a comment

Tags

, , , , , , , , , , , , , , , , , ,

theusgovernm

 

CVE-2015-2214 – NetCat CMS Full Path Disclosure (Information Disclosure) Web Security Vulnerabilities


 

Exploit Title: CVE-2015-2214 NetCat CMS Full Path Disclosure Web Security Vulnerabilities

Product: NetCat CMS (Content Management System)

Vendor: NetCat

Vulnerable Versions: 5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1

Tested Version: 5.01 3.12

Advisory Publication: February 27, 2015

Latest Update: May 05, 2015

Vulnerability Type: Information Leak / Disclosure [CWE-200]

CVE Reference: CVE-2015-2214

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type: Allows unauthorized disclosure of information

Credit and Writer: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

 
 
 

Consultation Details:


 

(1) Vendor & Product Description:

Vendor:

NetCat


 

Product & Version:

NetCat

5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1


 

Vendor URL & Download:

NetCat can be accessed from here,

http://netcat.ru/


 

Product Introduction Overview:

NetCat.ru is russian local company. “NetCat designed to create an absolute majority of the types of sites: from simple “business card” with a minimum content to complex web-based systems, from corporate offices to online stores, libraries or media data – in other words, projects completely different directions and at any level of complexity. View examples of sites running on NetCat CMS can be in a special section.”


“Manage the site on the basis of NetCat can even inexperienced user, because it does not require knowledge of Internet technologies, programming and markup languages. NetCat constantly improving, adds new features. In the process of finalizing necessarily take into account the wishes of our partners and clients, as well as trends in Internet development. More than 2,000 studios and private web developers have chosen for their projects is NetCat, and in 2013 sites, successfully working on our CMS, created more than 18,000.”


“We give a discount on any edition NetCat

We try to help our partners to enter into a close-knit team. To reduce your expenses on the development of a new system, we provide special conditions for the acquisition of commercial licenses NetCat, for a partner is assigned a permanent discount of 40%, which according to the results of further sales could be increased to 60%.”


“Teach your developers work with the secrets NetCat

In addition to the detailed documentation and video tutorials to new partners we offer a unique free service – direct contact with the developer from the team NetCat, which will help in the development of product development tools.”


“We give customers

Once you develop the three sites NetCat information about you appear in our ranking developers. This means that you not only begin to receive direct requests from clients but also become a member of tenders conducted by customers. In addition, if the partner is really good work, employees NetCat begin recommending it to clients requesting assistance in the choice of contractor.”


“We will help in the promotion of

The company is a regular participant NetCat large number of forums, seminars and conferences. We are happy to organize together with partners involved, help with advertising materials and share information for the report.”


“Confirmed its status in the eyes of customers

We have a very flexible system of certification of partners: we do not give certificates for the sale of licenses and for the developed sites. So, for example, to obtain a certificate “Development of corporate websites’ to add to your personal account three implementation of the appropriate type.”

 
 

(2) Vulnerability Details:

NetCat web application has a computer security bug problem. It can be exploited by information leakage attacks – Full Path Disclosure (FPD). This may allow a remote attacker to disclose the software’s installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.


Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. Netcat has patched some of them. FusionVM Vulnerability Management and Compliance provides sources for the latest info-sec news, tools, and advisories. It has published suggestions, advisories, solutions details related to important vulnerabilities.

 

(2.1) The first programming code flaw occurs at “&redirect_url” parameter in “netshop/post.php?” page.

 
 
 
 
 

References:

http://tetraph.com/security/full-path-disclosure-vulnerability/netcat-cms-full-path-disclosure-information-disclosure-security-vulnerabilities/

http://securityrelated.blogspot.com/2015/02/netcat-cms-full-path-disclosure.html

http://seclists.org/fulldisclosure/2015/Mar/8

https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01740.html

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1645

http://lists.openwall.net/full-disclosure/2015/03/02/6

http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure&m=142527117510514&w=2

http://marc.info/?l=full-disclosure&m=142527117510514&w=4

https://itinfotechnology.wordpress.com/2015/02/25/netcat-cms-full-path-disclosure-information-disclosure-security-vulnerabilities/

http://www.tetraph.com/blog/information-leakage-vulnerability/cve-2015-2214-netcat-cms-full-path-disclosure-information-disclosure-web-security-vulnerabilities/

http://essayjeans.blog.163.com/blog/static/2371730742015411113047382/

http://www.weibo.com/1644370627/ChjMoA9hD?type=comment#_rnd1431315096193

http://homehut.lofter.com/post/1d226c81_6eae13a

 

CVE-2014-9562 OptimalSite Content Management System (CMS) XSS (Cross-Site Scripting) Web Security Vulnerabilities

12 Thursday Feb 2015

Posted by in Computer Security

Leave a comment

Tags

, , , , , , , , , , , , , , , , , , ,

vulnerability_scan_436x270

 

CVE-2014-9562 OptimalSite Content Management System (CMS) XSS (Cross-Site Scripting) Web Security Vulnerabilities


Exploit Title:  OptimalSite CMS /display_dialog.php image Parameter XSS Web Security Vulnerability

Vendor: OptimalSite

Product: OptimalSite Content Management System (CMS)

Vulnerable Versions: V.1 V2.4

Tested Version: V.1 V2.4

Advisory Publication: January 24, 2015

Latest Update: January 31, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-9562

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Credit: Jing Wang [School of Physical and Mathematical Sciences, Nanyang Technological University (NTU), Singapore] (@justqdjing)





Suggestion Details:

(1) Vendor & Product Description

Vendor:

OptimalSite


Product & Version:

OptimalSite Content Management System (CMS)

V.1

V2.4


Vendor URL & Download:

The product can be obtained from here,

http://www.optimalsite.com/en/


Product Description Overview:

“Content management system OptimalSite is an online software package that enables the management of information published on a website. OptimalSite consists of the system core and integrated modules, which allow expanding website possibilities and functionality. You may select a set of modules that suits your needs best.


Website page structure

Website page structure is presented in a tree structure similar to Windows Explorer, so that several page levels can be created for each item on the menu.  The website’s structure itself can be easily edited: you can create new website pages, delete unnecessary ones, and temporarily disable individual pages.


Website languages

OptimalSite may be used to create a website in different languages, the number of which is not limited. Different information may be presented in each separate language and the structure of pages in each language may also differ.


WYSIWYG (What You See Is What You Get) text editor

Using this universal text editor makes posting and replacing information on the website effortless.   Even a minimum knowledge of MS Word and MS Excel will make it easy to use the tools of WYSIWYG text editor and implement your ideas.


Search function in the system

By using search function system’s administrator is able to find any information that is published in administrative environment. It is possible to execute a search in the whole system and in separate its’ modules as well.


Recycle bin function

System administrator is able to delete useless data.  All deleted data is stored in recycle bin, so administrator can restore information anytime. “




(2) Vulnerability Details:

OptimalSite web application has a computer security bug problem. It can be exploited by stored XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.

Several other the similar product 0-day vulnerabilities have been found by some other bug hunter researchers before. OptinalSite has patched some of them. “Openwall software releases and other related files are also available from the Openwall file archive and its mirrors. You are encouraged to use the mirrors, but be sure to verify the signatures on software you download. The more experienced users and software developers may use our CVSweb server to browse through the source code for most pieces of Openwall software along with revision history information for each source file. We publish articles, make presentations, and offer professional services.” Openwall has published suggestions, advisories, solutions details related to XSS vulnerabilities.


(2.1) The code programming flaw occurs at “&image” parameter in “display_dialog.php” page.






References:

http://www.tetraph.com/blog/xss-vulnerability/cve-2014-9562-optimalsite-content-management-system-cms-xss-cross-site-scripting-web-security-vulnerabilities/

http://www.inzeed.com/kaleidoscope/xss-vulnerability/cve-2014-9562-optimalsite-content-management-system-cms-xss-cross-site-scripting-web-security-vulnerabilities/

http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/xss-vulnerability/cve-2014-9562-optimalsite-content-management-system-cms-xss-cross-site-scripting-web-security-vulnerabilities/

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9562

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9562

https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01646.html

http://lists.openwall.net/full-disclosure/2015/02/02/3

http://static-173-79-223-25.washdc.fios.verizon.net/?a=139222176300014&r=1&w=2

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1546

https://redysnowfox.wordpress.com/2015/05/10/cve-2014-9562-optimalsite-content-management-system-cms-xss-cross-site-scripting-web-security-vulnerabilities/

http://japanbroad.blogspot.sg/2015/05/cve-2014-9562-optimalsite-content.html

http://tetraph.blog.163.com/blog/static/234603051201541082835108/

https://www.facebook.com/permalink.php?story_fbid=1025716320801705&id=922151957824809

https://twitter.com/yangziyou/status/597377123976785920

http://www.weibo.com/5337321538/ChdW1skbf?ref=home&rid=0_0_1_2666499023890563989&type=comment#_rnd1431261523301

https://plus.google.com/110001022997295385049/posts/7rNn4ynjzRP

http://itsecurity.lofter.com/post/1cfbf9e7_6e96648

http://securitypost.tumblr.com/post/118602594462/cve-2014-9562-optimalsite-content-management

CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerabilities

10 Tuesday Feb 2015

Posted by in Uncategorized

Leave a comment

Tags

, , , , , , , , , , , , , , , , , , ,

CVE-2014-9560  Softbb.net SoftBB SQL Injection Security Vulnerabilities

Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter SQL Injection

Product: SoftBB (mods)

Vendor: Softbb.net

Vulnerable Versions: v0.1.3

Tested Version: v0.1.3

Advisory Publication: Jan 10, 2015

Latest Update: Jan 10, 2015

Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) (CWE-89)

CVE Reference: CVE-2014-9560

CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

 

Advisory Details:

Vendor URL:

(2) Vulnerability Details:

Softbb.net SoftBB can be exploited by SQL Injection attacks.

(2.1) The vulnerability occurs at “/redir_last_post_list.php” page, with “&post” parameter.

 

References:

CVE-2014-8489 Ping Identity Corporation “PingFederate 6.10.1 SP Endpoints” Dest Redirect Privilege Escalation Security Vulnerability

30 Tuesday Dec 2014

Posted by in CVE, Web Security

Leave a comment

Tags

, , , , , , , , , , , , , , , , , , ,

CVE-2014-8489 Ping Identity Corporation “PingFederate 6.10.1 SP Endpoints” Dest Redirect Privilege Escalation Security Vulnerability

Exploit Title: “Ping Identity Corporation” “PingFederate 6.10.1 SP Endpoints” Dest Redirect Privilege Escalation Security Vulnerability
Product: PingFederate 6.10.1 SP Endpoints
Vendor: Ping Identity Corporation
Vulnerable Versions: 6.10.1
Tested Version: 6.10.1
Advisory Publication: Dec 09, 2014
Latest Update: Dec 09, 2014
Vulnerability Type: URL Redirection to Untrusted Site  [CWE-601]
CVE Reference: CVE-2014-8489
CVSS v2 Base Score: 6.4 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:P/A:N) (legend)
Impact Subscore: 4.9
Exploitability Subscore: 10.0
Credit: Wang Jing [SPMS, Nanyang Technological University (NTU), Singapore]

http://article.gmane.org/gmane.comp.security.fulldisclosure/1302/match=

CVE-2014-8751 goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities

30 Tuesday Dec 2014

Posted by in Computer Security, CVE

Leave a comment

Tags

, , , , , , , , , , , , , , , , , , ,

CVE-2014-8751 goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities

Exploit Title: goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities
Product: WebPress
Vendor: goYWP
Vulnerable Versions: 13.00.06
Tested Version: 13.00.06
Advisory Publication: Dec 09, 2014
Latest Update: Dec 09, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-8751
Credit: Wang Jing [SPMS, Nanyang Technological University (NTU), Singapore]

http://cxsecurity.com/issue/WLB-2014120057

CVE-2014-8754 WordPress “Ad-Manager Plugin” Dest Redirect Privilege Escalation Security Vulnerability

30 Tuesday Dec 2014

Posted by in Computer Security, Open Redirect Attack

Leave a comment

Tags

, , , , , , , , , , , , , , , , , , ,

CVE-2014-8754 WordPress “Ad-Manager Plugin” Dest Redirect Privilege Escalation Security Vulnerability

Exploit Title: WordPress Ad-Manager Plugin Dest Redirect Privilege Escalation Security Vulnerability
Product: WordPress Ad-Manager Plugin
Vendor: CodeCanyon
Vulnerable Versions: 1.1.2
Tested Version: 1.1.2
Advisory Publication: Nov 25, 2014
Latest Update: Nov 25, 2014
Vulnerability Type: URL Redirection to Untrusted Site  [CWE-601]
CVE Reference: CVE-2014-8754
CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N) (legend)
Impact Subscore: 4.9
Exploitability Subscore: 8.6
Credit: Wang Jing [SPMS, Nanyang Technological University (NTU), Singapore]

http://securityrelated.blogspot.com/2014/12/cve-2014-8754-wordpress-ad-manager.html