lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040820225036.17877.qmail@www.securityfocus.com>
Date: 20 Aug 2004 22:50:36 -0000
From: Jose Antonio <joxeankoret@...oo.es>
To: bugtraq@...urityfocus.com
Subject: Multiple vulnerabilities in  MyDMS




--------------------------------------------------------------------------- 
                Multiple vulnerabilities in  MyDMS  
--------------------------------------------------------------------------- 
 
Author: Joxean Koret 
Date: 2004  
Location: Basque Country 
 
--------------------------------------------------------------------------- 
 
Affected software description: 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
 
MyDMS 
 
MyDMS is an open-source 
document-management-system based on PHP 
and MySQL  
published under the GPL. 
 
Web : http://dms.markuswestphal.de/about.html 
 
--------------------------------------------------------------------------- 
 
Vulnerabilities: 
~~~~~~~~~~~~~~~~ 
 
A. SQL Injection Vulnerability 
 
A1. An SQL Injection vulnerability found in the 
file /demo/out/out.ViewFolder.php.  
The parameter "FolderId" is not correctly 
sanitized and an attacker can inject 
any SQL valid command. You can try the error : 
 
	
http://<host-with-mydmbs>/demo/out/out.ViewFolder.php?folderid=3 
or 1=1as 
 
NOTE : I put or 1=1as, well, this doesn't work, 
but you can see the entire  
SQL query that the server executes. 
 
B. Unspecified File Download Vulnerability 
 
B1. An error in the MyDMS software allows to a 
registered users (and only to 
registered users) to download any file, such 
as /etc/passwd, by inserting in a  
parameter a text such as ../../../../../etc/passwd. 
 
Affected Versions :  
~~~~~~~~~~~~~~~~~~~ 
 
The SQL Injection problem is in versions prior to 
1.4.2. 
The file download problem is in all versions. 
 
The fix: 
~~~~~~~~ 
 
The SQL Injection problem is corrected in the 
version 1.4.2. 
The file download problem is not corrected but 
vendor is contacted.  
 
--------------------------------------------------------------------------- 
Contact: 
~~~~~~~~ 
 
	Joxean Koret at 
joxeanpiti<<<<<<<<@>>>>>>>>yah00<<<<<<dot>>>>>es 
 
 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ