Gcon Tech Solutions v1.0 XSS (Cross-site Scripting) Web Security Vulnerabilities

gconts_xss1

 

Gcon Tech Solutions v1.0 XSS (Cross-site Scripting) Web Security Vulnerabilities

 

Exploit Title: Gcon Tech Solutions v1.0 content.php? &id Parameter XSS Security Vulnerabilities

Product: Gcon Tech Solutions

Vendor: Gcon Tech Solutions

Vulnerable Versions: v1.0

Tested Version: v1.0

Advisory Publication: May 23, 2015

Latest Update: May 23, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Writer and Reporter: Wang Jing [School of Physical and Mathematical Sciences, Nanyang Technological University (NTU), Singapore] (@justqdjing)

 

 

 

 

Recommendation Details:

 

(1) Vendor & Product Description:

Vendor:

Gcon Tech Solutions

 

Product & Vulnerable Versions:

Gcon Tech Solutions

v1.0

 

Vendor URL & Download:

Gcon Tech Solutions can be obtained from here,

http://www.gconts.com/Development.htm

 

Google Dork:

“Developed and maintained by Gcon Tech Solutions"

 

Product Introduction Overview:

“Over the years we have developed business domain knowledge various business areas. We provide Development Services either on time and material or turn-key fixed prices basis, depending on the nature of the project. Application Development Services offered by Gcon Tech Solutions help streamline business processes, systems and information. Gcon Tech Solutions has a well-defined and mature application development process, which comprises the complete System Development Life Cycle (SDLC) from defining the technology strategy formulation to deploying, production operations and support. We fulfill our client’s requirement firstly from our existing database of highly skilled professionals or by recruiting the finest candidates locally. We analyze your business requirements and taking into account any constraints and preferred development tools, prepare a fixed price quote. This offers our customers a guaranteed price who have a single point contact for easy administration. We adopt Rapid Application Development technique where possible for a speedy delivery of the Solutions. Salient Features of Gcon Tech Solutions Application Development Services: (a) Flexible and Customizable. (b) Industry driven best practices. (c) Knowledgebase and reusable components repository. (d) Ensure process integration with customers at project initiation"

 

 

 

(2) Vulnerability Details:

Gcon Tech Solutions web application has a computer cyber security bug problem. It can be exploited by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.

Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. Gcon Tech Solutions has patched some of them. The Mail Archive automatically detects when it receives mail from a new list. Thus, you are encouraged, although certainly not required, to send a test message to the newly archived list. If you are adding several lists to the archive, send a separate and distinct test message to each one. It also publishes suggestions, advisories, solutions details related to XSS vulnerabilities and cyber intelligence recommendations.

 

(2.1) The first programming code flaw occurs at “&id" parameter in “content.php?" page.

 

 

 

 

 

References:

http://www.tetraph.com/security/xss-vulnerability/gcon-tech-solutions-v1-0-xss/

http://securityrelated.blogspot.com/2015/05/gcon-tech-solutions-v10-xss-cross-site.html

http://www.inzeed.com/kaleidoscope/computer-web-security/gcon-tech-solutions-v1-0-xss/

http://diebiyi.com/articles/security/gcon-tech-solutions-v1-0-xss/

https://webtechwire.wordpress.com/2015/05/23/gcon-tech-solutions-v1-0-xss/

http://computerobsess.blogspot.com/2015/05/gcon-tech-solutions-v10-xss.html

http://whitehatpost.blog.163.com/blog/static/24223205420154245138791/

https://itswift.wordpress.com/2015/05/24/gcon-tech-solutions-v1-0-xss/

https://www.mail-archive.com/fulldisclosure%40seclists.org/msg02028.html

http://cxsecurity.com/issue/WLB-2015050068

http://seclists.org/fulldisclosure/2015/May/34

https://www.bugscan.net/#!/x/21839

http://www.openwall.com/lists/oss-security/2015/05/22/6

http://lists.openwall.net/full-disclosure/2015/04/05/8

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1957

Web Technology Wire

gconts_xss1

Gcon Tech Solutions v1.0 XSS (Cross-site Scripting) Web Security Vulnerabilities

Exploit Title: Gcon Tech Solutions v1.0 content.php? &id Parameter XSS Security Vulnerabilities

Product: Gcon Tech Solutions

Vendor: Gcon Tech Solutions

Vulnerable Versions: v1.0

Tested Version: v1.0

Advisory Publication: May 23, 2015

Latest Update: May 23, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Writer and Reporter: Wang Jing [School of Physical and Mathematical Sciences, Nanyang Technological University (NTU), Singapore] (@justqdjing)

Recommendation Details:

(1) Vendor & Product Description:

Vendor:

Gcon Tech Solutions

Product & Vulnerable Versions:

Gcon Tech Solutions

v1.0

Vendor URL & Download:

Gcon Tech Solutions can be obtained from here,

http://www.gconts.com/Development.htm

Google Dork:

“Developed and maintained by Gcon Tech Solutions"

Product Introduction Overview:

“Over the years we have developed business domain knowledge various business areas. We provide…

View original post 詳見內文:約344字

廣告

Gcon Tech Solutions v1.0 SQL Injection Web Security Vulnerabilities

gconts_sql2

 

Gcon Tech Solutions v1.0 SQL Injection Web Security Vulnerabilities

 

Exploit Title: Gcon Tech Solutions v1.0 content.php? &id Parameter SQL Injection Security Vulnerabilities

Product: Gcon Tech Solutions

Vendor: Gcon Tech Solutions

Vulnerable Versions: v1.0

Tested Version: v1.0

Advisory Publication: May 24, 2015

Latest Update: May 24, 2015

Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) [CWE-89]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

Writer and Reporter: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

 

 

 

Recommendation Details:

 

(1) Vendor & Product Description:

Vendor:

Gcon Tech Solutions

 

Product & Vulnerable Versions:

Gcon Tech Solutions

v1.0

 

Vendor URL & Download:

Gcon Tech Solutions can be obtained from here,

http://www.gconts.com/Development.htm

 

Google Dork:

“Developed and maintained by Gcon Tech Solutions"

 

Product Introduction Overview:

“Over the years we have developed business domain knowledge various business areas. We provide Development Services either on time and material or turn-key fixed prices basis, depending on the nature of the project. Application Development Services offered by Gcon Tech Solutions help streamline business processes, systems and information. Gcon Tech Solutions has a well-defined and mature application development process, which comprises the complete System Development Life Cycle (SDLC) from defining the technology strategy formulation to deploying, production operations and support. We fulfill our client’s requirement firstly from our existing database of highly skilled professionals or by recruiting the finest candidates locally. We analyze your business requirements and taking into account any constraints and preferred development tools, prepare a fixed price quote. This offers our customers a guaranteed price who have a single point contact for easy administration. We adopt Rapid Application Development technique where possible for a speedy delivery of the Solutions. Salient Features of Gcon Tech Solutions Application Development Services: (a) Flexible and Customizable. (b) Industry driven best practices. (c) Knowledgebase and reusable components repository. (d) Ensure process integration with customers at project initiation"

 

 

 

(2) Vulnerability Details:

Gcon Tech Solutions web application has a computer cyber security bug problem. It can be exploited by SQL Injection attacks. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. Gcon Tech Solutions has patched some of them. CXSECurity is a huge collection of information on data communications safety. Its main objective is to inform about errors in various applications. It also publishes suggestions, advisories, solutions details related to SQL Injection vulnerabilities and cyber intelligence recommendations.

 

(2.1) The first programming code flaw occurs at “content.php?" page with “&id" parameter.

 

 

 

 

 

References:

http://www.tetraph.com/security/sql-injection-vulnerability/gcon-tech-solutions-v1-0-sql/

http://securityrelated.blogspot.com/2015/05/gcon-tech-solutions-v10-sql.html

http://www.diebiyi.com/articles/security/gcon-tech-solutions-v1-0-sql/

http://www.inzeed.com/kaleidoscope/computer-web-security/gcon-tech-solutions-v1-0-sql/

http://computerobsess.blogspot.com/2015/05/gcon-tech-solutions-v10-sql.html

https://itswift.wordpress.com/2015/05/23/gcon-tech-solutions-v1-0-sql/

http://whitehatpost.blog.163.com/blog/static/242232054201542455422939/

https://webtechwire.wordpress.com/2015/05/24/gcon-tech-solutions-v1-0-sql/

https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01766.html

http://cxsecurity.com/issue/WLB-2015040036

http://seclists.org/fulldisclosure/2015/May/32

https://www.bugscan.net/#!/x/21454

http://lists.openwall.net/full-disclosure/2015/05/08/8

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1955

 

Web Technology Wire

gconts_sql2

Gcon Tech Solutions v1.0 SQL Injection Web Security Vulnerabilities

Exploit Title: Gcon Tech Solutions v1.0 content.php? &id Parameter SQL Injection Security Vulnerabilities

Product: Gcon Tech Solutions

Vendor: Gcon Tech Solutions

Vulnerable Versions: v1.0

Tested Version: v1.0

Advisory Publication: May 24, 2015

Latest Update: May 24, 2015

Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) [CWE-89]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

Writer and Reporter: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

Recommendation Details:

(1) Vendor & Product Description:

Vendor:

Gcon Tech Solutions

Product & Vulnerable Versions:

Gcon Tech Solutions

v1.0

Vendor URL & Download:

Gcon Tech Solutions can be obtained from here,

http://www.gconts.com/Development.htm

Google Dork:

“Developed and maintained by Gcon Tech Solutions"

Product Introduction Overview:

“Over the years…

View original post 詳見內文:約319字

SITEFACT CMS XSS (Cross-site Scripting) Web Security Vulnerabilities

sitefact_xss2

 

SITEFACT CMS XSS (Cross-site Scripting) Web Security Vulnerabilities

 

Exploit Title: SITEFACT CMS content.php? &id Parameter XSS Security Vulnerabilities

Product: SITEFACT CMS (Content Management System)

Vendor: SITEFACT

Vulnerable Versions: version 2.01

Tested Version: version 2.01

Advisory Publication: May 24, 2015

Latest Update: May 24, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Writer and Reporter: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

 

 

 

Recommendation Details:

 

(1) Vendor & Product Description:

Vendor:

SITEFACT

 

Product & Vulnerable Versions:

SITEFACT

version 2.01

 

Vendor URL & Download:

Product can be obtained from here,

http://www.sitefact.de/index.cfm?resid=1&res=1024&sid=2&skt=2279

 

Google Dork:

“Powered by SITEFACT"

 

Product Introduction Overview:

“Publish . Your content without any prior knowledge on the Internet Numerous integrated tools are available . Images, documents and movies can be provided with a click. We present yourself individually and professionally to your CI and your wishes . About a layout interface design can change at any time , or of course your own layout to be integrated. Our content management system is designed for search engine indexing . You can easily book your website for search engines like Google , Bing , Yahoo , … optimize .."

“By running his own web server , you do not need a provider and need to install anything . Updates are performed automatically and for free . All you need is a PC with Internet access. SITE FACT is a proprietary development of Arvenia GmbH . Therefore, we can always realize your individual wishes and integrate them into SITE FACT. If you need our assistance , please contact our free support. With personal contact and landline number during the entire runtime."

 

 

 

(2) Vulnerability Details:

SITEFACT web application has a computer cyber security bug problem. It can be exploited by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.

Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. SITEFACT has patched some of them. The Full Disclosure mailing list is a public forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. FD differs from other security lists in its open nature and support for researchers’ right to decide how to disclose their own discovered bugs. The full disclosure movement has been credited with forcing vendors to better secure their products and to publicly acknowledge and fix flaws rather than hide them. Vendor legal intimidation and censorship attempts are not tolerated here! It also publishes suggestions, advisories, solutions details related to XSS vulnerabilities and cyber intelligence recommendations.

 

(2.1) The first programming flaw occurs at “/index.cfm?" page with “&res" “&skt" “&pid" parameters.

 

(2.2) The second programming flaw occurs at login domain “/index.cfm?" page with “&sid" parameter.

 

 

 

 

 

References:

http://www.tetraph.com/security/xss-vulnerability/sitefact-cms-xss/

http://securityrelated.blogspot.com/2015/05/sitefact-cms-xss.html

http://www.inzeed.com/kaleidoscope/computer-security/sitefact-cms-xss/

http://www.diebiyi.com/articles/security/sitefact-cms-xss/

https://itswift.wordpress.com/2015/05/24/sitefact-cms-xss/

https://www.facebook.com/pcwebsecurities/posts/695045367308050

https://www.mail-archive.com/fulldisclosure%40seclists.org/msg02031.html

http://computerobsess.blogspot.com/2015/05/sitefact-cms-xss.html

https://webtechwire.wordpress.com/2015/05/24/sitefact-cms-xss/

http://whitehatpost.blog.163.com/blog/static/242232054201542474057982/

http://cxsecurity.com/issue/WLB-2015030073

http://seclists.org/fulldisclosure/2015/Mar/2

https://www.facebook.com/tetraph/posts/1655170311369595

https://www.bugscan.net/#!/x/21256

http://permalink.gmane.org/gmane.comp.security.oss.general/16882

http://lists.openwall.net/full-disclosure/2015/05/08/7

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1958

Web Technology Wire

sitefact_xss2

SITEFACT CMS XSS (Cross-site Scripting) Web Security Vulnerabilities

Exploit Title: SITEFACT CMS content.php? &id Parameter XSS Security Vulnerabilities

Product: SITEFACT CMS (Content Management System)

Vendor: SITEFACT

Vulnerable Versions: version 2.01

Tested Version: version 2.01

Advisory Publication: May 24, 2015

Latest Update: May 24, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Writer and Reporter: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

Recommendation Details:

(1) Vendor & Product Description:

Vendor:

SITEFACT

Product & Vulnerable Versions:

SITEFACT

version 2.01

Vendor URL & Download:

Product can be obtained from here,

http://www.sitefact.de/index.cfm?resid=1&res=1024&sid=2&skt=2279

Google Dork:

“Powered by…

View original post 詳見內文:約401字

phpwind v8.7 XSS (Cross-site Scripting) Web Security Vulnerabilities

phpwind_xss1

 

phpwind v8.7 XSS (Cross-site Scripting) Web Security Vulnerabilities

 

Exploit Title: phpwind v8.7 goto.php? &url Parameter XSS Security Vulnerabilities

Product: phpwind

Vendor: phpwind

Vulnerable Versions: v8.7

Tested Version: v8.7

Advisory Publication: May 25, 2015

Latest Update: May 25, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Writer and Reporter: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

 

 

 

Caution Details:

 

(1) Vendor & Product Description:

Vendor:

phpwind

 

Product & Vulnerable Versions:

phpwind

v8.7

 

Vendor URL & Download:

Product can be obtained from here,

http://www.phpwind.net/thread/166

 

Product Introduction Overview:

“phpwind (abbreviation: pw) is a program based on PHP and MySQL open source community, and is one of the most popular general-Forum. phpwind ofstar first version was released in 2004. As of December 2013 phpwind brand items calculated by Ali cloud Co., Ltd. has, fully free open source software. Now accumulated more than one million websites use phpwind products, of which nearly 100,000 active website. Since the 2011 release PHPWind8.x series version, phpwind enhance community around the content value and promote community e-commerce two general direction of the development of multi-mode single-core products and achieve new forms of community. 2012 preparations for the release of phpwind9.0 will use self-developed Windframework phpwind framework and integrated computing architecture and so on Ali community cloud platform application center will provide a variety of solutions for future communities.

Today, the country’s 200,000 worth of small sites, there are nearly 100,000 community site uses phpwind, has accumulated more than one million sites use phpwind, there are 1,000 new sites every day use phpwind. These community sites covering 52 types of trades every day one million people gathered in phpwind build community, issued 50 million new information, visit more than one billion pages.

National Day PV30 million or more in 1000 about a large community, there are more than 500 sites selected phpwind station software provided, including by scouring link Amoy satisfaction, a daily e-commerce and marketing groups, and other on-line product vigorously increase in revenue for the site. Excellent partners, such as Xiamen fish, of Long Lane, Erquan network, Kunshan forum, the North Sea 360, Huizhou West Lake, Huashang like."

 

 

 

(2) Vulnerability Details:

phpwind web application has a computer cyber security bug problem. It can be exploited by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.

Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. phpwind has patched some of them. CXSECurity is a huge collection of information on data communications safety. Its main objective is to inform about errors in various applications. It also publishes suggestions, advisories, solutions details related to XSS vulnerabilities and cyber intelligence recommendations.

 

(2.1) The first programming code flaw occurs at “&url" parameter in “/goto.php?" page.

 

 

 

 

 

References:

http://www.tetraph.com/security/xss-vulnerability/phpwind-v8-7-xss/

http://www.inzeed.com/kaleidoscope/computer-security/phpwind-v8-7-xss/

https://webtechwire.wordpress.com/2015/05/24/phpwind-v8-7-xss/

http://diebiyi.com/articles/security/phpwind-v8-7-xss/

http://securityrelated.blogspot.com/2015/05/phpwind-v87-xss.html

https://www.facebook.com/permalink.php?story_fbid=939922519396264&id=874373602617823

https://itswift.wordpress.com/2015/05/24/phpwind-v8-7-xss/

https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01904.html

http://whitehatpost.blog.163.com/blog/static/24223205420154248491580/

http://cxsecurity.com/issue/WLB-2015040033

http://seclists.org/fulldisclosure/2015/Apr/38

https://www.facebook.com/essayjeans/posts/832797850144702

https://www.bugscan.net/#!/x/21257

http://lists.openwall.net/full-disclosure/2015/04/05/9

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1954

Web Technology Wire

phpwind_xss1

phpwind v8.7 XSS (Cross-site Scripting) Web Security Vulnerabilities

Exploit Title: phpwind v8.7 goto.php? &url Parameter XSS Security Vulnerabilities

Product: phpwind

Vendor: phpwind

Vulnerable Versions: v8.7

Tested Version: v8.7

Advisory Publication: May 25, 2015

Latest Update: May 25, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Writer and Reporter: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

Caution Details:

(1) Vendor & Product Description:

Vendor:

phpwind

Product & Vulnerable Versions:

phpwind

v8.7

Vendor URL & Download:

Product can be obtained from here,

http://www.phpwind.net/thread/166

Product Introduction Overview:

“phpwind (abbreviation: pw) is a program based on…

View original post 詳見內文:約398字

phpwind v8.7 Unvalidated Redirects and Forwards Web Security Vulnerabilities

phpwind_xss2

 

phpwind v8.7 Unvalidated Redirects and Forwards Web Security Vulnerabilities

 

Exploit Title: phpwind v8.7 goto.php? &url Parameter Open Redirect Security Vulnerabilities

Product: phpwind

Vendor: phpwind

Vulnerable Versions: v8.7

Tested Version: v8.7

Advisory Publication: May 25, 2015

Latest Update: May 25, 2015

Vulnerability Type: URL Redirection to Untrusted Site (‘Open Redirect’) [CWE-601]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N) (legend)

Impact Subscore: 4.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification

Writer and Reporter: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

 

 

 

Caution Details:

 

(1) Vendor & Product Description:

Vendor:

phpwind

 

Product & Vulnerable Versions:

phpwind

v8.7

 

Vendor URL & Download:

Product can be obtained from here,

http://www.phpwind.net/thread/166

 

Product Introduction Overview:

“Today, the country’s 200,000 worth of small sites, there are nearly 100,000 community site uses phpwind, has accumulated more than one million sites use phpwind, there are 1,000 new sites every day use phpwind. These community sites covering 52 types of trades every day one million people gathered in phpwind build community, issued 50 million new information, visit more than one billion pages. National Day PV30 million or more in 1000 about a large community, there are more than 500 sites selected phpwind station software provided, including by scouring link Amoy satisfaction, a daily e-commerce and marketing groups, and other on-line product vigorously increase in revenue for the site. Excellent partners, such as Xiamen fish, of Long Lane, Erquan network, Kunshan forum, the North Sea 360, Huizhou West Lake, Huashang like.

phpwind recent focus on strengthening community media value, expand e-commerce applications community. phpwind focus on small sites to explore the value of integration and applications, we believe that the website that is community, the community can provide a wealth of applications to meet people access to information, communication, entertainment, consumer and other living needs, gain a sense of belonging, become online home . With the development of the Internet, in the form of the site will be more abundant, the integration of the Forum, more forms of information portals, social networking sites, we will integrate these applications to products which, and to create the most optimized user experience. phpwind mission is to make the community more valuable, so that more people enjoy the convenience of the Internet community in order to enhance the quality of life."

 

 

 

(2) Vulnerability Details:

phpwind web application has a computer cyber security bug problem. It can be exploited by Unvalidated Redirects and Forwards (URL Redirection) attacks. This could allow a user to create a specially crafted URL, that if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker’s choosing. Such attacks are useful as the crafted URL initially appear to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client side software such as a web browser or document rendering programs.

Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. phpwind has patched some of them. The Full Disclosure mailing list is a public forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. FD differs from other security lists in its open nature and support for researchers’ right to decide how to disclose their own discovered bugs. The full disclosure movement has been credited with forcing vendors to better secure their products and to publicly acknowledge and fix flaws rather than hide them. Vendor legal intimidation and censorship attempts are not tolerated here! It also publishs suggestions, advisories, solutions details related to Open Redirect vulnerabilities and cyber intelligence recommendations.

 

(2.1) The first programming code flaw occurs at “&url" parameter in “/goto.php?" page.

 

 

 

 

 

References:

http://www.tetraph.com/security/open-redirect/phpwind-v8-7-open-redirect/

http://securityrelated.blogspot.com/2015/05/phpwind-v87-xss.html

http://www.inzeed.com/kaleidoscope/computer-security/phpwind-v8-7-open-redirect/

https://www.facebook.com/permalink.php?story_fbid=836880753013969&id=767438873291491

https://webtechwire.wordpress.com/2015/05/24/phpwind-v8-7-open-redirect-2/

http://diebiyi.com/articles/security/phpwind-v8-7-open-redirect/

https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01741.html

https://itswift.wordpress.com/2015/05/24/phpwind-v8-7-open-redirect/

http://whitehatpost.blog.163.com/blog/static/242232054201542495731506/

http://cxsecurity.com/issue/WLB-2015030028

http://seclists.org/fulldisclosure/2015/Apr/35

http://www.openwall.com/lists/oss-security/2015/05/22/7

http://permalink.gmane.org/gmane.comp.security.oss.general/16883

https://www.facebook.com/websecuritiesnews/posts/796475067139332

http://computerobsess.blogspot.com/2015/05/phpwind-v87-open-redirect.html

http://lists.openwall.net/full-disclosure/2015/04/15/1

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1841

Web Technology Wire

phpwind_xss2

phpwind v8.7 Unvalidated Redirects and Forwards Web Security Vulnerabilities

Exploit Title: phpwind v8.7 goto.php? &url Parameter Open Redirect Security Vulnerabilities

Product: phpwind

Vendor: phpwind

Vulnerable Versions: v8.7

Tested Version: v8.7

Advisory Publication: May 25, 2015

Latest Update: May 25, 2015

Vulnerability Type: URL Redirection to Untrusted Site (‘Open Redirect’) [CWE-601]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N) (legend)

Impact Subscore: 4.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification

Writer and Reporter: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

Caution Details:

(1) Vendor & Product Description:

Vendor:

phpwind

Product & Vulnerable Versions:

phpwind

v8.7

Vendor URL & Download:

Product can be obtained from here,

View original post 詳見內文:約536字

CVE-2014-9468 InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities

data-binary

CVE-2014-9468 InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities

 

Exploit Title: InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities

Product: InstantForum.NET

Vendor: InstantASP

Vulnerable Versions: v4.1.3 v4.1.1 v4.1.2 v4.0.0 v4.1.0 v3.4.0

Tested Version: v4.1.3 v4.1.1 v4.1.2

Advisory Publication: February 18, 2015

Latest Update: April 05, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-9468

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Discover and Reporter: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

 

 

Preposition Details:

 

(1) Vendor & Product Description:

 

Vendor:

InstantASP


Product & Version:

InstantForum.NET

v4.1.3 v4.1.1 v4.1.2 v4.0.0 v4.1.0 v3.4.0

 

 

Vendor URL & Download:

InstantForum.NET can be purchased from here,

http://docs.instantasp.co.uk/InstantForum/default.html?page=v413tov414guide.html

 

 

Product Introduction Overview:

“InstantForum.NET is a feature rich, ultra high performance ASP.NET & SQL Server discussion forum solution designed to meet the needs of the most demanding online communities or internal collaboration environments. Now in the forth generation, InstantForum.NET has been completely rewritten from the ground-up over several months to introduce some truly unique features & performance enhancements."


“The new administrator control panel now offers the most comprehensive control panel available for any ASP.NET based forum today. Advanced security features such as role based permissions and our unique Permission Sets feature provides unparalleled configurable control over the content and features that are available to your users within the forum. Moderators can easily be assigned to specific forums with dedicated moderator privileges for each forum. Bulk moderation options ensure even the busiest forums can be managed effectively by your moderators."


“The forums template driven skinning architecture offers complete customization support. Each skin can be customized to support a completely unique layout or visual appearance. A single central style sheet controls every aspect of a skins appearance. The use of unique HTML wrappers and ASP.NET 1.1 master pages ensures page designers can easily integrate an existing design around the forum. Skins, wrappers & master page templates can be applied globally to all forums or to any specific forum."

 

 

(2) Vulnerability Details:

InstantForum.NET web application has a cyber security bug problem. It can be exploited by stored XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.

Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. InstantForum has patched some of them. BugScan is the first community-based scanner, experienced five code refactoring. It has redefined the concept of the scanner provides sources for the latest info-sec news, tools, and advisories. It also publishs suggestions, advisories, cyber intelligence, attack defense and solutions details related to important vulnerabilities.

 

(2.1) The first programming code flaw occurs at “&SessionID" parameter in “Join.aspx?” page.


(2.2) The second programming code flaw occurs at “&SessionID" parameter in “Logon.aspx?” page.

 

 

 

References:

https://tetraph.wordpress.com/2015/05/13/cve-2014-9468/

http://whitehatview.tumblr.com/post/118853357881/tetraph-cve-2014-9468-instantasp

 

 

 

 

CVE-2014-9469 vBulletin XSS (Cross-Site Scripting) Web Security Vulnerabilities

iphone-ipad-mini-ipad

 

CVE-2014-9469  vBulletin XSS (Cross-Site Scripting) Web Security Vulnerabilities

 

Exploit Title: vBulletin XSS (Cross-Site Scripting) Web Security Vulnerabilities
Product: vBulletin Forum
Vendor:vBulletin
Vulnerable Versions: 5.1.3   5.0.5   4.2.2   3.8.7   3.6.7   3.6.0   3.5.4
Tested Version:5.1.3 4.2.2
Advisory Publication: February 12, 2015
Latest Update:February 26, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-9469
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification
Writer and Creditor: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)
 
 
 

Preposition Details:
(1) Vendor & Product Description:
Vendor:
vBulletin
 

Product & Version: 
vBulletin Forum
5.1.3   5.0.5   4.2.2   3.8.7   3.6.7   3.6.0   3.5.4
 

Vendor URL & Download: 
vBulletin can be acquired from here,

 

Product Introduction Overview:
“vBulletin (vB) is a proprietary Internet forum software package developed by vBulletin Solutions, Inc., a division of Internet Brands. It is written in PHP and uses a MySQL database server."
Since the initial release of the vBulletin forum product in 2000, there have been many changes and improvements. Below is a list of the major revisions and some of the changes they introduced. The current production version is 3.8.7, 4.2.2, and 5.1.3.
Simplified site set up and customization
The new Site Builder makes it easier than ever to build and manage a site. Customizable page templates, drag-and-drop configuration and in-line site editing simplify page layout. A variety of design themes can be easily selected.
Dynamic tools for content discovery
Customizable content modules provide enhanced content discovery, engaging users into deeper site visits. The vBulletin search has been re-architected to significantly improve the quality of its results, further facilitating content discovery.
Sleek new UI features activity stream and increased social engagement
Improved social functionality includes groups, new user profiles, comments functionality, an integrated messaging hub, social content curation, real-time updates and more.
Expanded photo and video capabilities
The new interface invites users to quickly post photos and video, expanding content on vBulletin sites. This media is then leveraged by being better integrated with the rest of a site’s content. User profiles provide an engaging aggregation of all media posted by them.
Category-leading mobile optimization
The integrated mobile-optimized version ensures smartphone visitors will stay longer and return.
Robust architecture
Improved architecture provides better performance and easier customization
Built-in SEO helps maximize search traffic
Easy-to-use upgrader tool available for vBulletin 3 and 4 sites, plus importer for sites on other forum software"

 
 
 

(2) Vulnerability Details:
vBulletin web application has a computer security bug problem. It can be exploited by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.
Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. vBulletion has patched some of them. Gmane (pronounced “mane") is an e-mail to news gateway. It allows users to access electronic mailing lists as if they were Usenet newsgroups, and also through a variety of web interfaces. Gmane is an archive; it never expires messages (unless explicitly requested by users). Gmane also supports importing list postings made prior to a list’s inclusion on the service. It has published suggestions, advisories, solutions related to important vulnerabilities.
 

(2.1) The programming code flaw occurs at “forum/help" page. Add “hash symbol" first. Then add script at the end of it.
 
 
 
 
 
 
Related Work: