CVE-2015-2563 – Vastal I-tech phpVID 1.2.3 SQL Injection Web Security Vulnerabilities

smartphone-safety-security-secure-smartphone

CVE-2015-2563 – Vastal I-tech phpVID 1.2.3 SQL Injection Web Security Vulnerabilities

 

Exploit Title: CVE-2015-2563 Vastal I-tech phpVID /groups.php Multiple Parameters SQL Injection Web Security Vulnerabilities

Product: phpVID

Vendor: Vastal I-tech

Vulnerable Versions: 1.2.3 0.9.9

Tested Version: 1.2.3 0.9.9

Advisory Publication: March 13, 2015

Latest Update: April 25, 2015

Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) [CWE-89]

CVE Reference: CVE-2015-2563

CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

Credit: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

 

 

Direction Details:



(1) Vendor & Product Description:



Vendor:

Vastal I-tech

 

Product & Vulnerable Versions:

phpVID

1.2.3

0.9.9

 

 

Vendor URL & Download:

phpVID can be approached from here,

http://www.vastal.com/phpvid-the-video-sharing-software.html#.VP7aQ4V5MxA


Product Introduction Overview:

“phpVID is a video sharing software or a video shating script and has all the features that are needed to run a successful video sharing website like youtube.com. The features include the following. phpVID is the best youtube clone available. The latest features include the parsing of the subtitles file and sharing videos via facebook. With phpVID Video Sharing is extremely easy.”


“The quality of code and the latest web 2.0 technologies have helped our customers to achieve their goals with ease. Almost all customers who have purchased phpVID are running a successful video sharing website. The quality of code has helped in generating more then 3 million video views a month using a “single dedicated server”. phpVID is the only software in market which was built in house and not just purchased from someone. We wrote the code we know the code and we support the code faster then anyone else. Have any questions/concerns please contact us at: info@vastal.com. See demo at: http://www.phpvid.com. If you would like to see admin panel demo please email us at: info@vastal.com.”


“Server Requirements:

Preferred Server: Linux any Version

PHP 4.1.0 or above

MySQL 3.1.10 or above

GD Library 2.0.1 or above

Mod Rewrite and .htaccess enabled on server.

FFMPEG (If you wish to convert the videos to Adobe Flash)”

 

 

(2) Vulnerability Details:

phpVID web application has a computer security bug problem. It can be exploited by SQL Injection attacks. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. Other bug hunter researchers have found some SQL Injection vulnerabilities related to it before, too. phpVID has patched some of them.


Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. phpVID has patched some of them. “Openwall software releases and other related files are also available from the Openwall file archive and its mirrors. You are encouraged to use the mirrors, but be sure to verify the signatures on software you download. The more experienced users and software developers may use our CVSweb server to browse through the source code for most pieces of Openwall software along with revision history information for each source file. We publish articles, make presentations, and offer professional services.” Openwall has published suggestions, advisories, solutions details related to important vulnerabilities.



(2.1) The first code programming flaw occurs at “&order_by” “&cat” parameters in “groups.php?” page.

 

 

 


Related Links:

http://packetstormsecurity.com/files/130754/Vastal-I-tech-phpVID-1.2.3-SQL-Injection.html

https://progressive-comp.com/?l=full-disclosure&m=142601071700617&w=2

http://seclists.org/fulldisclosure/2015/Mar/58

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1699

http://lists.openwall.net/full-disclosure/2015/03/10/8

http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure&m=142601071700617&w=2

http://www.tetraph.com/blog/xss-vulnerability/cve-2015-2563/

http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure&m=142551597501701&w=2

https://cxsecurity.com/issue/WLB-2015020091

https://www.facebook.com/permalink.php?story_fbid=935563809832135&id=874373602617823

http://t.qq.com/p/t/482410003538035

http://biboying.lofter.com/post/1cc9f4f5_6ee2aa5

http://mathpost.tumblr.com/post/118768553885/xingti-cve-2015-2563-vastal-i-tech-phpvid

http://essayjeans.lofter.com/post/1cc7459a_6ee4fcb

http://xingti.tumblr.com/post/118768481545/cve-2015-2563-vastal-i-tech-phpvid-1-2-3-sql

https://plus.google.com/113698571167401884560/posts/gftS84rfD3A

https://itswift.wordpress.com/2015/05/12/cve-2015-2563-vastal-i-tech-phpvid/

https://www.facebook.com/essayjeans/posts/827458144012006

https://tetraph.wordpress.com/2015/05/12/cve-2015-2563-vastal-i-tech-phpvid/

http://mathstopic.blogspot.com/2015/05/cve-2015-2563-vastal-i-tech-phpvid-123.html

http://yurusi.blogspot.sg/2015/05/cve-2015-2563-vastal-i-tech-phpvid-123.html

https://twitter.com/tetraphibious/status/598057025247907840

http://tetraph.blog.163.com/blog/static/23460305120154125453111/


Advertisements

CVE-2015-2209 – DLGuard Full Path Disclosure (Information Leakage) Web Security Vulnerabilities

outsourcing-computer-security

CVE-2015-2209 – DLGuard Full Path Disclosure (Information Leakage) Web Security Vulnerabilities


Exploit Title: DLGuard “/index.php?” “&c” parameter Full Path Disclosure Web Security Vulnerabilities
Product: DLGuard
Vendor: DLGuard
Vulnerable Versions: v4.5
Tested Version: v4.5
Advisory Publication: January 18, 2015
Latest Update: March 20, 2015
Vulnerability Type: Information Exposure [CWE-200]
CVE Reference: CVE-2015-2209
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information
Credit: Wang Jing [School of Mathematical Sciences (001), University of Science and Technology of China (USTC)] (@justqdjing)
 





Consultation Details:


(1) Vendor & Product Description:


Vendor:
DLGuard


Product & Version:
DLGuard
v4.5


Vendor URL & Download:
DLGuard can be obtained from here,


Product Introduction Overview:
“DLGuard is a powerful, yet easy to use script that you simply upload to your website and then rest assured that your internet business is not only safe, but also much easier to manage, automating the tasks you just don’t have the time for.”


“DLGuard supports the three types, or methods, of sale on the internet:
<1>Single item sales (including bonus products!)
<2>Multiple item sales
<3>Membership websites”


“DLGuard is fully integrated with: PayPal, ClickBank, 2Checkout, Authorize.Net, WorldPay, AlertPay, Ebay, PayDotCom, E-Gold, 1ShoppingCart, Click2Sell, Mal’s E-Commerce, LinkPoint, PagSeguro, CCBill, CommerseGate, DigiResults, FastSpring, JVZoo, MultiSafePay, Paypal Digital Goods, Plimus, RevenueWire/SafeCart, SWReg, WSO Pro, and even tracks your free product downloads. The DLGuard built-in Shopping Cart offers Paypal, Authorize.net, and 2Checkout payment options. The Membership areas allow Paypal, Clickbank, 2Checkout, and LinkPoint recurring billing as well as linking to any PayPal, ClickBank, 2Checkout, Authorize.Net, WorldPay, AlertPay, Ebay, PayDotCom, E-Gold, 1ShoppingCart, E-Bullion, LinkPoint, PagSeguro, CCBill, CommerseGate, DigiResults, FastSpring, JVZoo, MultiSafePay, Paypal Digital Goods, Plimus, RevenueWire/SafeCart, SWReg, WSO Pro single sale and free products so that people who buy your products can access your members area. DLGuard is the perfect solution to secure your single sale item, such as a niche marketing website, software sales, ebook sales, and more! DLGuard not only protects your download page, but it makes setting up new products, or making changes to existing products so much quicker and easier than before.”





(2) Vulnerability Details:
DLGuard web application has a computer security bug problem. It can be exploited by information leakage attacks – Full Path Disclosure (FPD). This may allow a remote attacker to disclose the software’s installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
 
Several similar products vulnerabilities have been found by some other bug hunter researchers before. DLguard has patched some of them. NVD is the U.S. government repository of standards based vulnerability management data (This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA)). It has published suggestions, advisories, solutions related to important vulnerabilities.

(2.1) The first bug flaw occurs at “&c” parameter in “index.php?” page.

 

 
 
 
 

 
 
 
 

 
References:

CVE-2015-2242 – Webshop hun v1.062S SQL Injection Web Security Vulnerabilities

shutterstock_90909827-e1353008050857

CVE-2015-2242 – Webshop hun v1.062S SQL Injection Web Security Vulnerabilities



Exploit Title: CVE-2015-2242 Webshop hun v1.062S /index.php Multiple Parameters SQL Injection Web Security Vulnerabilities

Product: Webshop hun

Vendor: Webshop hun

Vulnerable Versions: v1.062S

Tested Version: v1.062S

Advisory Publication: February 21, 2015

Latest Update: March 10, 2015

Vulnerability Type: Improper Control of Generation of Code (‘Code Injection’) [CWE-94]

CVE Reference: CVE-2015-2242

CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

Credit: Wang Jing [School of  Mathematical Sciences (001), University of Science and Technology of China (USTC)] (@justqdjing)








Persuasion Details:



(1) Vendor & Product Description:



Vendor:

Webshop hun



Product & Version:

Webshop hun

v1.062S



Vendor URL & Download:

Webshop hun can be token from here,

http://www.webshophun.hu/index



Product Introduction Overview:

Webshop hun is an online product sell web application system.


“If our webshop you want to distribute your products, but it is too expensive to find on the internet found solutions, select the Webshop Hun shop program and get web store for free and total maker banner must display at the bottom of the page 468×60 size. The download shop program, there is no product piece limit nor any quantitative restrictions, can be used immediately after installation video which we provide assistance.


“The Hun Shop store for a free for all. In our experience, the most dynamic web solutions ranging from our country. If the Webshop Hun own image does not suit you, you can also customize the look of some of the images and the corresponding text replacement, or an extra charge we can realize your ideas. The Webshop Hun pages search engine optimized. They made the Hun Shop web program to meet efficiency guidelines for the search engines. The pages are easy to read and contain no unnecessary HTML tags. Any web page is simply a few clicks away.”






(2) Vulnerability Details:

Webshop hun web application has a computer security bug problem. It can be exploited by SQL Injection attacks. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

Several similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. Webshop hun has patched some of them. Open Sourced Vulnerability Database (OSVDB) is an independent and open-sourced database. The goal of the project is to provide accurate, detailed, current, and unbiased technical information on security vulnerabilities. The project promotes greater, open collaboration between companies and individuals. It has published suggestions, advisories, solutions details related to important vulnerabilities.


(2.1) The vulnerability occurs at “&termid” “&nyelv_id” parameters in “index.php?” page.








References:

724CMS 5.01 Multiple XSS (Cross-site Scripting) Security Vulnerabilities

enigma_sifre_cozucu_nettekeyif.net

 

724CMS 5.01 Multiple XSS (Cross-site Scripting) Security Vulnerabilities

 

Exploit Title: 724CMS Multiple XSS (Cross-site Scripting) Security Vulnerabilities

Vendor: 724CMS

Product: 724CMS

Vulnerable Versions: 3.01 4.01 4.59 5.01

Tested Version: 5.01

Advisory Publication: March 15, 2015

Latest Update: March 15, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

 

 

 

Recommendation Details:

 

(1) Vendor & Product Description:

Vendor:

724CMS Enterprise

 

Product & Vulnerable Versions:

724CMS

3.01

4.01

4.59

5.01

 

Vendor URL & download:

724CMS can be purchased from here,

http://724cms.com/

 

Product Introduction Overview:

“724CMS is a content management system (CMS) that has customers spread in Canada, Japan, Korean, the United States, European and many others. It allows publishing, editing and modifying content, organizing, deleting as well as maintenance from a central interface. Meanwhile, 724CMS provides procedures to manage workflow in a collaborative environment.”

“A CMS helps you create and store content in a shared repository. It then manages the relationships between content items for you (e.g. keeping track of where they fit into the site hierarchy). Finally, it ensures that each content item is connected to the right style sheet when it comes to be published. Some CMSs also provide facilities to track the status of content items through editorial processes and workflows.”

 

 

(2) Vulnerability Details:

724CMS web application has a security bug problem. It can be exploited by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.

Several 724CMS products vulnerabilities have been found by some other bug hunter researchers before. 724CMS has patched some of them. The MITRE Corporation is a not-for-profit company that operates multiple federally funded research and development centers (FFRDCs), which provide innovative, practical solutions for some of our nation’s most critical challenges in defense and intelligence, aviation, civil systems, homeland security, the judiciary, healthcare, and cybersecurity. It has published suggestions, advisories, solutions details related to 724CMS vulnerabilities.

 

(2.1) The first code programming flaw occurs at “/index.php” page with “&Lang” parameter.

(2.2) The second code programming occurs at “/section.php” page with “&Lang”, “&ID”, “&Nav” parameters.

 

 

 

 

References:

http://www.tetraph.com/security/xss-vulnerability/724cms-5-01-multiple-xss-cross-site-scripting-security-vulnerabilities/

http://securityrelated.blogspot.com/2015/03/724cms-501-multiple-xss-cross-site.html

http://www.inzeed.com/kaleidoscope/computer-web-security/724cms-5-01-multiple-xss-cross-site-scripting-security-vulnerabilities/

http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/724cms-5-01-multiple-xss-cross-site-scripting-security-vulnerabilities/

https://computertechhut.wordpress.com/2015/03/14/724cms-5-01-multiple-xss-cross-site-scripting-security-vulnerabilities/

http://marc.info/?l=full-disclosure&m=142576259903051&w=4

https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01737.html

http://en.hackdig.com/?16117.htm

724CMS 5.01 Directory (Path) Traversal Security Vulnerabilities

08NEncryptionKeymaster-1374242307339

 

724CMS 5.01 Directory (Path) Traversal Security Vulnerabilities

 

Exploit Title: 724CMS /section.php Module Parameter Directory Traversal Security Vulnerabilities

Vendor: 724CMS

Product: 724CMS

Vulnerable Versions: 3.01 4.01 4.59 5.01

Tested Version: 5.01

Advisory Publication: March 14, 2015

Latest Update: March 14, 2015

Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) [CWE-22]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

Discover and Author: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

 

 

 

Recommendation Details:

 

(1) Vendor & Product Description:

Vendor:

724CMS Enterprise

 

Product & Vulnerable Versions:

724CMS

3.01

4.01

4.59

5.01

 

Vendor URL & download:

724CMS can be bargained from here,

http://724cms.com/

 

Product Introduction Overview:

“724CMS is a content management system (CMS) that has customers spread in Canada, Japan, Korean, the United States, European and many others. It allows publishing, editing and modifying content, organizing, deleting as well as maintenance from a central interface. Meanwhile, 724CMS provides procedures to manage workflow in a collaborative environment.”

“A CMS helps you create and store content in a shared repository. It then manages the relationships between content items for you (e.g. keeping track of where they fit into the site hierarchy). Finally, it ensures that each content item is connected to the right style sheet when it comes to be published. Some CMSs also provide facilities to track the status of content items through editorial processes and workflows.”

 

 

(2) Vulnerability Details:

724CMS web application has a security bug problem. It can be exploited by Directory Traversal – Local File Include (LFI) attacks. A local file inclusion (LFI) flaw is due to the script not properly sanitizing user input, specifically path traversal style attacks (e.g. ‘../../’) supplied to the parameters. With a specially crafted request, a remote attacker can include arbitrary files from the targeted host or from a remote host . This may allow disclosing file contents or executing files like PHP scripts. Such attacks are limited due to the script only calling files already on the target host.

Several 724CMS products vulnerabilities have been found by some other bug hunter researchers before. 724CMS has patched some of them. The MITRE Corporation is a not-for-profit company that operates multiple federally funded research and development centers (FFRDCs), which provide innovative, practical solutions for some of our nation’s most critical challenges in defense and intelligence, aviation, civil systems, homeland security, the judiciary, healthcare, and cybersecurity. It has published suggestions, advisories, solutions details related to 724CMS vulnerabilities.

 

(2.1) The first cipher programming flaw occurs at “/section.php” page with “&Module” parameter.

 

 

 

 

References:

http://www.tetraph.com/security/directory-traversal-vulnerability/724cms-5-01-directory-path-traversal-security-vulnerabilities/

http://securityrelated.blogspot.com/2015/03/724cms-501-directory-path-traversal.html

http://www.inzeed.com/kaleidoscope/computer-web-security/724cms-5-01-directory-path-traversal-security-vulnerabilities/

http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/724cms-5-01-directory-path-traversal-security-vulnerabilities/

https://computertechhut.wordpress.com/2015/03/14/724cms-5-01-directory-path-traversal-security-vulnerabilities/

http://marc.info/?a=139222176300014&r=1&w=4

http://en.hackdig.com/wap/?id=17404

 

CVE-2015-1475 – My Little Forum Multiple XSS Web Security Vulnerabilities

 shutterstock_22320859
 

CVE-2015-1475  – My Little Forum Multiple XSS Web Security Vulnerabilities

Exploit Title: My Little Forum Multiple XSS Web Security Vulnerabilities

Vendor: My Little Forum

Product: My Little Forum

Vulnerable Versions: 2.3.3  2.2  1.7

Tested Version: 2.3.3  2.2  1.7

Advisory Publication: February 04, 2015

Latest Update: February 11, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2015-1475

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Credit: Wang Jing [School of Mathematical Sciences (001), University of Science and Technology of China (USTC)] (@justqdjing)

 
 
 

Recommendation Details:


(1) Vendor & Product Description


Vendor:

My Little Forum

Product & Version:

My Little Forum

2.3.3

2.2

1.7

Vendor URL & Download:

Product Description:

“my little forum is a simple PHP and MySQL based internet forum that displays the messages in classical threaded view (tree structure). It is Open Source licensed under the GNU General Public License. The main claim of this web forum is simplicity. Furthermore it should be easy to install and run on a standard server configuration with PHP and MySQL.


Features

Usenet like threaded tree structure of the messages

Different views of the threads possible (classical, table, folded)

Categories and tags

BB codes and smilies

Image upload

Avatars

RSS Feeds

Template engine (Smarty)

Different methods of spam protection (can be combined: graphical/mathematical CAPTCHA, wordfilter, IP filter, Akismet, Bad-Behavior)

Localization: language files, time zone and UTF-8 support (see current version for already available languages)”

 
 

(2) Vulnerability Details:

My Little Forum  web application has a computer security bug problem. It can be exploited by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.

Several similar products vulnerabilities have been found by some other bug hunter researchers before. My Little Forum has patched some of them. The MITRE Corporation is a not-for-profit company that operates multiple federally funded research and development centers (FFRDCs), which provide innovative, practical solutions for some of our nation’s most critical challenges in defense and intelligence, aviation, civil systems, homeland security, the judiciary, healthcare, and cybersecurity. It has published suggestions, advisories, solutions details related to XSS vulnerabilities.

(2.1) The first programming code flaw occurs at “forum.php?” page with “&page”, “&category” parameters.

(2.2) The second programming code flaw occurs at “board_entry.php?” page with “&page”, “&order” parameters.

(2.3) The third programming code flaw occurs at  “forum_entry.php” page with “&order”, “&page” parameters.

 
 
 
 

References:

http://tetraph.com/security/xss-vulnerability/my-little-forum-multiple-xss-security-vulnerabilities/

http://securityrelated.blogspot.com/2015/02/my-little-forum-multiple-xss-security.html

http://seclists.org/fulldisclosure/2015/Feb/15

https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01652.html

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1553

http://packetstormsecurity.com/files/authors/11270

http://marc.info/?a=139222176300014&r=1&w=4

http://lists.openwall.net/full-disclosure/2015/02/03/2

http://essaybeans.blogspot.com/2015/05/cve-2015-1475-my-little-forum-multiple.html

http://www.osvdb.org/creditees/12822-wang-jing

https://infoswift.wordpress.com/2015/05/12/cve-2015-1475-my-little-forum-multiple-xss-web-security-vulnerabilities/

https://twitter.com/tetraphibious/status/597971919892185088

http://japanbroad.blogspot.jp/2015/05/cve-2015-1475-my-little-forum-multiple.html

https://www.facebook.com/tetraph/posts/1649600031926623

http://user.qzone.qq.com/2519094351/blog/1431403836

https://www.facebook.com/permalink.php?story_fbid=460795864075109&id=405943696226993

https://plus.google.com/+wangfeiblackcookie/posts/Sj63XDPhH1j

http://essayjeans.blog.163.com/blog/static/2371730742015412037547/#

http://whitehatpost.lofter.com/post/1cc773c8_6ed5839

http://whitehatview.tumblr.com/post/118754859716/cve-2015-1475-my-little-forum-multiple-xss-web

 

CVE-2014-9469 vBulletin XSS (Cross-Site Scripting) Web Security Vulnerabilities

morgan.austin-540x360

 

CVE-2014-9469 vBulletin XSS (Cross-Site Scripting) Web Security Vulnerabilities
Exploit Title: vBulletin XSS (Cross-Site Scripting) Security Vulnerabilities
Product: vBulletin Forum
Vendor: vBulletin
Vulnerable Versions: 5.1.3 5.0.5 4.2.2 3.8.7 3.6.7 3.6.0 3.5.4
Tested Version: 5.1.3 4.2.2
Advisory Publication: Feb 12, 2015
Latest Update: Feb 12, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-9469
CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Credit: Wang Jing [Mathematics, Nanyang Technological University, Singapore] (@justqdjing)

 
 
 

Advisory Details:

 

(1) Vendor & Product Description:

 

Vendor:
vBulletin

 

Product & Version:
vBulletin Forum
5.1.3 5.0.5 4.2.2 3.8.7 3.6.7 3.6.0 3.5.4

 

Vendor URL & Download:
vBulletin can be downloaded from here,

 

Product Introduction:
“vBulletin (vB) is a proprietary Internet forum software package developed by vBulletin Solutions, Inc., a division of Internet Brands. It is written in PHP and uses a MySQL database server.”
“Since the initial release of the vBulletin forum product in 2000, there have been many changes and improvements. Below is a list of the major revisions and some of the changes they introduced. The current production version is 3.8.7, 4.2.2, and 5.1.3.”

 

(2) Vulnerability Details:
vBulletin has a security problem. It can be exploited by XSS attacks.

 

(2.1) The vulnerability occurs at “forum/help” page. Add “hash symbol” first. Then add script at the end of it.

 

 
 
 

References: