Full Disclosure mailing list archives
Vulnerabilities in GunCMS and PhoenixCMS PHP Edition
From: "MustLive" <mustlive () websecurity com ua>
Date: Sun, 4 Apr 2010 19:24:50 +0300
Hello Full-Disclosure! I want to warn you about security vulnerabilities in GunCMS and PhoenixCMS PHP Edition. GunCMS includes HoloCMS 3.1 and accordingly its vulnerabilities. And PhoenixCMS PHP Edition is based on HoloCMS. So I decided to put these vulnerabilities in two CMS into one advisory. ----------------------------- Advisory: Vulnerabilities in GunCMS and PhoenixCMS PHP Edition ----------------------------- URL: http://websecurity.com.ua/4075/ ----------------------------- Timeline: 17.03.2010 - found vulnerabilities. 27.03.2010 - disclosed at my site (first about GunCMS and later about PhoenixCMS PHP Edition). 29.03.2010 - informed developers of GunCMS. 02.04.2010 - informed developers of PhoenixCMS PHP Edition. ----------------------------- Details: These are Insufficient Anti-automation and Denial of Service vulnerabilities. The vulnerabilities exist in captcha script CaptchaSecurityImages.php, which is using in this system. I already reported about vulnerabilities in CaptchaSecurityImages (http://websecurity.com.ua/4043/). Insufficient Anti-automation: In GunCMS: http://site/path/captcha/CaptchaSecurityImages.php?width=150&height=100&characters=2 In PhoenixCMS PHP Edition: http://site/captcha/CaptchaSecurityImages.php?width=150&height=100&characters=2 Captcha bypass is possible via half-automated or automated (with using of OCR) methods, which were mentioned before (http://websecurity.com.ua/4043/). DoS: In GunCMS: http://site/path/captcha/CaptchaSecurityImages.php?width=1000&height=9000 In PhoenixCMS PHP Edition: http://site/captcha/CaptchaSecurityImages.php?width=1000&height=9000 With setting of large values of width and height it's possible to create large load at the server. Vulnerable are all versions of GunCMS. Vulnerable are PhoenixCMS PHP Edition 1.0.1 and previous versions. Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Vulnerabilities in GunCMS and PhoenixCMS PHP Edition MustLive (Apr 04)