Sunday, November 1, 2009

SimBloSys - Simple Blog System: multiple vulnerabilities

While this blog software isn't well known, it is a really nice project; it makes use of ATOM instead of a SQL database. A few vulnerabilities were discovered in this product.

1. Advisory: SimBloSys – Simple Blog System ~ Multiple Vulnerabilities
2. Version Affected: 0.1, 0.2
3. Component(s) Affected: source.php, index.php
4. Release Date: 02/11/2009
5. Background: SimBloSys is a GPL3 licensed blog system based on ATOM files.
Developed by whitone aka Stefano Cotta Ramusino (http://www.labinf.polito.it/whitone/)
6. Description:
XSS, HPP, a disclosure vulnerability and a possible LFI have been found.
6.1 XSS & HPP ~ page affected: source.php
No checks are carried out; a malicious user may inject client-side scripts.
6.2 Disclosure vulnerability ~ page affected: index.php
Various information is disclosed through the use of phpinfo().
6.3 Checks are done only on the file extension; every PHP file on the local web server with the right permissions could be viewed.
7. Proof Of Concept:
7.1 XSS ~ http://localhost:80/source.php?page=
7.2 HPP ~ http://localhost:80/source.php?page=index.php&page=
7.3 Disclosure ~ http://localhost:80/index.php?info=1
8. Credits: Davide “ocean” Quarta ~ http://inseclab.netsons.org
9. Disclaimer:
The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There is no representation or warranties, either express or implied by or with respect to anything in this document, and shall not be liable for any implied warranties of merchantability or fitness for a particular purpose or for any indirect special or consequential damages.
regards,
ocean
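
A hardened sketch of the kind of handler described in 6.1 and 6.3, added here as an example and not taken from SimBloSys: it assumes source.php displays the file named by the `page` parameter. The function names, the allowlist and the demo directory are hypothetical.

```php
<?php
// Added example, not SimBloSys code; all names here are hypothetical.

// Return the single "page" value from the raw query string, or null when it
// is missing, repeated (HPP) or sent as an array (page[]=...).
function resolve_page(string $rawQuery): ?string
{
    $values = [];
    foreach (explode('&', $rawQuery) as $pair) {
        [$name, $value] = array_pad(explode('=', $pair, 2), 2, '');
        $name = urldecode($name);
        if (strpos($name, 'page[') === 0) {
            return null;
        }
        if ($name === 'page') {
            $values[] = urldecode($value);
        }
    }
    return count($values) === 1 ? $values[0] : null;
}

function render_source(string $rawQuery, string $baseDir, array $allowed): string
{
    $page = resolve_page($rawQuery);
    // Exact-match allowlist instead of an extension check.
    if ($page === null || !in_array($page, $allowed, true)) {
        return 'Invalid page.';
    }
    // Defence in depth: the resolved path must stay inside $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $page);
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return 'Invalid page.';
    }
    $source = file_get_contents($path);
    // Escape everything echoed back to the browser.
    return $source === false ? 'Invalid page.'
        : '<pre>' . htmlspecialchars($source, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</pre>';
}

// Constructed demo: a temporary directory holding one viewable file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'sbs_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'index.php', "<?php echo '<b>hi</b>';\n");
foreach (['page=index.php', 'page=index.php&page=source.php', 'page=../x.php', 'page[]=index.php'] as $q) {
    echo $q, ' => ', render_source($q, $dir, ['index.php']), "\n";
}
unlink($dir . DIRECTORY_SEPARATOR . 'index.php');
rmdir($dir);
```

Only the first constructed query returns the escaped file contents; the repeated parameter, the path outside the allowlist and the array form all yield the same generic error.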

