| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 4 Apr 2010 19:24:50 +0300 From: "MustLive" <mustlive@...security.com.ua> To: <full-disclosure@...ts.grok.org.uk> Subject: Vulnerabilities in GunCMS and PhoenixCMS PHP Edition Hello Full-Disclosure! I want to warn you about security vulnerabilities in GunCMS and PhoenixCMS PHP Edition. GunCMS includes HoloCMS 3.1 and accordingly its vulnerabilities. And PhoenixCMS PHP Edition is based on HoloCMS. So I decided to put these vulnerabilities in two CMS into one advisory. ----------------------------- Advisory: Vulnerabilities in GunCMS and PhoenixCMS PHP Edition ----------------------------- URL: http://websecurity.com.ua/4075/ ----------------------------- Timeline: 17.03.2010 - found vulnerabilities. 27.03.2010 - disclosed at my site (first about GunCMS and later about PhoenixCMS PHP Edition). 29.03.2010 - informed developers of GunCMS. 02.04.2010 - informed developers of PhoenixCMS PHP Edition. ----------------------------- Details: These are Insufficient Anti-automation and Denial of Service vulnerabilities. The vulnerabilities exist in captcha script CaptchaSecurityImages.php, which is using in this system. I already reported about vulnerabilities in CaptchaSecurityImages (http://websecurity.com.ua/4043/). Insufficient Anti-automation: In GunCMS: http://site/path/captcha/CaptchaSecurityImages.php?width=150&height=100&characters=2 In PhoenixCMS PHP Edition: http://site/captcha/CaptchaSecurityImages.php?width=150&height=100&characters=2 Captcha bypass is possible via half-automated or automated (with using of OCR) methods, which were mentioned before (http://websecurity.com.ua/4043/). DoS: In GunCMS: http://site/path/captcha/CaptchaSecurityImages.php?width=1000&height=9000 In PhoenixCMS PHP Edition: http://site/captcha/CaptchaSecurityImages.php?width=1000&height=9000 With setting of large values of width and height it's possible to create large load at the server. Vulnerable are all versions of GunCMS. Vulnerable are PhoenixCMS PHP Edition 1.0.1 and previous versions. Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists