Bugtraq mailing list archives
Re: New vulnerabilities in CMS SiteLogic
From: "MustLive" <mustlive () websecurity com ua>
Date: Mon, 26 Apr 2010 17:16:23 +0300
Hello Salvatore!
with very very low risk (you need to know the access to the control panel).
I'm agree with you that it's not vulnerability with very high risk, but it's risk is not such low as you said. Because I have not such value of risk as "very very low" (my minimum value is low aka "1/5") and for this kind of vulnerability (which allow code execution for authenticated users) I'm always giving risk value as moderate (aka "2/5"). Because there is a risk for a site. And taking into account all those holes in CMS SiteLogic which I reported to security mailing lists, which easily allow to gain access to admin panel, the risk of this vulnerability is even growth (in combination with other vulnerabilities).
Many web hosting provider doesn't allow an user to execute commands
It's not a problem for serious hackers. Even those commands which allowed on average server are enough for many things ;-).
This is not a command execution vulnerability but an arbitrary file upload
I called this type of vulnerability as Command Execution (as a vulnerability which belongs to Command Execution category in WASC TC v.1, or it can be also used OS Commanding (WASC-31) class in WASC TC), because arbitrary file uploading leads to code execution. Only in case if uploading of scripts is not allowed, only other files, then I used term Arbitrary File Upload (which belongs to Abuse of Functionality (WASC-42) class in WASC TC). There is no "Arbitrary File Upload" class not in WASC TC v.1, not in TC v.2. And in my work I'm using only WASC TC v.1 and TC v.2. Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua----- Original Message ----- From: "Salvatore Fresta aka Drosophila" <drosophilaxxx () gmail com>
To: "MustLive" <mustlive () websecurity com ua>; "Bugtraq" <bugtraq () securityfocus com> Sent: Monday, April 19, 2010 10:12 PM Subject: Re: [Suspected Spam]New vulnerabilities in CMS SiteLogic 2010/4/18 MustLive <mustlive () websecurity com ua>:
Command Execution: It's possible to upload arbitrary files (shell upload) via module “Banner system” in admin panel.
This is not a command execution vulnerability but an arbitrary file upload vulnerability with very very low risk (you need to know the access to the control panel). Many web hosting provider doesn't allow an user to execute commands using the classic functions, such as system, shell_execute and others. -- Salvatore Fresta aka Drosophila http://www.salvatorefresta.net CWNP444351
Current thread:
- [Suspected Spam]New vulnerabilities in CMS SiteLogic MustLive (Apr 19)
- Re: [Suspected Spam]New vulnerabilities in CMS SiteLogic Salvatore Fresta aka Drosophila (Apr 20)
- Re: New vulnerabilities in CMS SiteLogic MustLive (Apr 26)
- Message not available
- New vulnerabilities in CMS SiteLogic Salvatore Fresta aka Drosophila (Apr 26)
- Re: New vulnerabilities in CMS SiteLogic MustLive (Apr 26)
- Re: [Suspected Spam]New vulnerabilities in CMS SiteLogic Salvatore Fresta aka Drosophila (Apr 20)