lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.58.0403281747070.18887@mail.badcode.org>
Date: Sun, 28 Mar 2004 17:51:07 -0500 (EST)
From: Dotho <dotho@...code.org>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: Multiple Vulnerabilities in Cloisterblog web blog/journal





Executive Overview
------------------
Cloisterblog, a general usage web blog written in perl suffers
from multiple XSS and directory transversal issues as well as a design flaw in the admin section.



Program Description
--------------------
Cloisterblog
(http://www.circleofthunder.com/journal/cloisterblog-1.2.2.tar.gz)
"CloisterBlog is simple but feature packed Web-based journal system that does not
require MySQL or manual modification of files"



Issue(s)
-------
Cloisterblog doesn't do any parameter checking on inputs, this leads to
the multiple XSS and directory transversal issues.  In addition, the admin
section of the blog never actually checks the  user id of the user, only
the password.  In addition, no sort of logging  is performed on this
parameter, so it is readable suspectable to brute forcing.


Example(s)/code
---------
/cloisterblog/journal.pl?syear=2004&sday=11&smonth=../../../../../../../../etc/passwd%00

from journal_admin.pl

sub validateUser {

$password = $passfile[0];
chomp($password);
chomp($pass);

  if ($pass eq $password) {
    return 1;
  } else {
    return 0;
  }
}

($user which is declared in journal_admin.pl is never used)


Remedy/Fixe(s)
--------------
None, delete the blog and either write your own or choose another



Vendor status
-------------
Non Responsive, despite waiting nearly twice as long as we normally do for
at least a "screw you" reply, the authors have not replied, nor released
an updated version. we waitied this long because it appears the author
runs the software him/her self.



--0-0-0
Badcode.org


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ