Archive for March, 2007

WordPress “PHP_SELF” XSS

March 26th, 2007

Application: WordPress CMS
Version: 2.1.2 or below
Vendor’s URL: http://wordpress.org/
Bug Type: Cross Site Scripting
Risk: Low

Solution:
- Update to version 2.0.10-RC2 or 2.1.3-RC2

Content Management, Cross Site Scripting

PHPX XSS & SQL Injections

March 26th, 2007

Application: PhpX
Version: 3.5.15 or below
Vendor’s URL: http://www.phpx.org
Bug Type: Cross Site Scripting and SQL Injection
Risk: High

Solution:
- Edit the source code to ensure that input is properly sanitized
- Wait for the official patches, which will be made available here

Content Management, Cross Site Scripting, SQL Injection

Tip Of the Day: Be proactive

March 20th, 2007

The Exabytes EBiz Linux hosting plan comes with the Fantastico package, which includes many Content Management Systems (CMSes) such as Drupal, WordPress, PHP-Nuke, PostNuke and others.

It’s understandable that users would want to try out those CMSes and would install them as soon as they have the chance. Installing is fine, but users are advised to uninstall those CMSes after testing them. Yes, we use the word “testing” here deliberately, because the Content Management Systems found in Fantastico are merely for testing purposes and are not updated immediately when vulnerabilities are found. If you have forgotten to clean them up (in other words, uninstall them) or are unaware of this, they may jeopardize your web site and expose it to harmful threats. To add to that, having many unused CMSes (or, to call them what they are, “vulnerable applications”) installed on your site reduces the effectiveness of our Security Engineers in finding the root cause of a threat.

Therefore, we would like to notify all our loyal clients that you can download the latest, secure version of your favourite CMS from its official website (to name a few, wordpress.org and drupal.org). But do ensure that you have uninstalled the CMSes that you previously tested from the Fantastico package. As simple as that, your site is now a safer one. Moreover, the latest versions, with their patches and updates, are free! All you need is to be proactive, and that’s the best way to secure your site!

Cheers!

Tips

vBulletin SQL Injection

March 15th, 2007

Application: vBulletin
Version: 3.6.5 or earlier
Vendor’s URL: http://www.vbulletin.com/
Bug Type: SQL Injection
Risk: Low

Solution:
- Edit the source code to ensure that input is properly sanitized.
- Wait for an official patch/update from the vendor:
- http://www.vbulletin.org/forum/portal.php

Content Management, SQL Injection

PHProjekt Multiple Vulnerabilities

March 15th, 2007

Application: PHProjekt
Version: 5.2 and earlier
Vendor’s URL: http://www.phprojekt.com/
Bug Type: Cross Site Attacks, SQL Injection
Risk: High

Solution:
- Update to the latest version, 5.2.1

Content Management, Cross Site Scripting, SQL Injection

WordPress “year” XSS

March 14th, 2007

Application: WordPress CMS
Version: 2.1.2 or earlier
Vendor’s URL: http://wordpress.org/
Bug Type: Cross Site Scripting
Risk: High

Solution:
- Edit the source code in general-template.php to ensure that the input is sanitized; the vendor’s fix is at:
- http://trac.wordpress.org/changeset/5003

Content Management, Cross Site Scripting

PHP-Nuke “lang” Local File Inclusion

March 14th, 2007

Application: PHP-Nuke
Version: 8.0, 7.9 or below
Vendor’s URL: http://phpnuke.org/
Bug Type: Access Bypassing
Risk: High

Solution:
- Edit the source code to ensure that input is properly verified
- Set “magic_quotes_gpc” to On
- Wait for an official patch from the vendor

Access Bypass, Content Management

PHPEcho CMS SQL Injection

March 14th, 2007

Application: PHPEcho CMS
Version: 1.5
Vendor’s URL: http://sourceforge.net/projects/phpechocms/
Bug Type: SQL Injection
Risk: Medium

Solution:
- Update to version 1.6, which can be downloaded from the vendor’s URL

Content Management, SQL Injection

Drupal: Private Issue Exposure

March 9th, 2007

Application: Drupal Project issue tracking module
Version: 4.7.x-1.3 or below and 4.7.x-2.3 or below
Vendor’s URL: http://drupal.org/
Bug Type: Access Bypassing
Risk: Medium

Solution:
- Update to the latest version, which you can find here:
- http://drupal.org/project/project_issue

Access Bypass, Content Management

Drupal: Profile Security Bypass

March 9th, 2007

Application: Drupal Nodefamily Module
Version: 5.x-1.0 (the 4.7 branch is not affected)
Vendor’s URL: http://drupal.org/
Bug Type: Access Bypassing
Risk: Medium

Description: This vulnerability only affects Drupal installations that have the Nodefamily module installed.

Solution:
- Update the Nodefamily module to the latest version, which you can find here:
- http://drupal.org/node/123126

Access Bypass, Content Management

WordPress “demo” XSS

March 9th, 2007

Application: WordPress CMS
Version: 2.1.2 or below
Vendor’s URL: http://wordpress.org/
Bug Type: Cross Site Scripting
Risk: Low

Solution:
- Edit the source code (admin.php) to ensure that input is properly sanitised.
- Watch the vendor’s site for a further update that fixes the bug mentioned.

Content Management, Cross Site Scripting

Snitz Forum 2000 Script Insertion Vulnerability

March 9th, 2007

Application: Snitz Forum 2000
Version: 3.4.06 or below
Vendor’s URL: http://forum.snitz.com/
Bug Type: Cross Site Scripting (XSS)
Risk: High

Solution:
- Edit the source code (pop_profile.asp) to ensure that input is properly sanitised
- Grant only trusted users access to the application
- Wait for the bug fix from the vendor:
- http://forum.snitz.com/forum/forum.asp?FORUM_ID=118

Content Management, Cross Site Scripting