Message-ID: <43799F04.10705@beccati.com>
Date: Tue, 15 Nov 2005 09:40:36 +0100
From: Matteo Beccati <matteo@...cati.com>
To: bugtraq@...urityfocus.com
Cc: phpsec@...arch.com, full-disclosure@...ts.grok.org.uk
Subject: [PHPADSNEW-SA-2005-002] phpAdsNew and phpPgAds 2.0.7 fix multiple vulnerabilities
========================================================================
phpAdsNew / phpPgAds security advisory PHPADSNEW-SA-2005-002
------------------------------------------------------------------------
Advisory ID: PHPADSNEW-SA-2005-002
Date: 2005-Nov-15
Security risk: highly critical
Applications affected: phpAdsNew, phpPgAds
Versions affected: <= 2.0.6
Versions not affected: >= 2.0.7
========================================================================
========================================================================
Vulnerability 1: SQL injection
------------------------------------------------------------------------
Impact: database access (+ potential system access)
Where: from remote
========================================================================
Description
-----------
Toni Koivunen reported an SQL injection vulnerability in
phpAdsNew and phpPgAds, caused by missing sanitization of the session id
cookie. Kevin Fernandez "Siegfried" of Zone-H reported further dangerous
exploitation techniques to gain access to the whole database. Depending
on the database user permissions, an attacker could also gain
access to the local filesystem.
Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.7.
References
----------
http://www.fitsec.com/advisories/FS-05-01.txt
http://www.zone-h.org/en/advisories/read/id=8413/
========================================================================
Vulnerability 2: HTTP response splitting
------------------------------------------------------------------------
Impact: application admin access
Where: from remote
========================================================================
Description
-----------
Toni Koivunen reported multiple HTTP response splitting vulnerabilities
in phpAdsNew and phpPgAds. Many of them could only be exploited if the
attacker already has access to the administration interface. A
vulnerability in adclick.php could be exploited without access to the
application interface.
Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.7.
References
----------
http://www.fitsec.com/
========================================================================
Vulnerability 3: full path disclosure
------------------------------------------------------------------------
Impact: information disclosure
Where: from remote
========================================================================
Description
-----------
Toni Koivunen reported multiple full path disclosure vulnerabilities in
phpAdsNew and phpPgAds. One of them could also reveal information about
files modified or added by the system administrator, using phpAdsNew's
own file integrity check system, given that the webserver user has
enough permissions.
Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.7.
References
----------
http://www.fitsec.com/advisories/FS-05-01.txt
Contact information
===================
The security contact for phpAdsNew and phpPgAds can be reached at:
<security AT phpadsnew DOT com>
Best regards
--
Matteo Beccati
http://phpadsnew.com/
http://phppgads.com/
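
The advisory attributes the SQL injection to missing sanitization of the session id cookie. The following PHP is an added example, not phpAdsNew/phpPgAds code and not the 2.0.7 fix: it validates the cookie against a strict format and then passes it to the database only as a bound parameter. The cookie name `sid`, the 32-hex-character id format, the `session` table and the `loadSession` helper are assumptions made for illustration, and the demo needs the PDO SQLite driver.

```php
<?php
// Added example: hypothetical names and schema, not phpAdsNew/phpPgAds code.
declare(strict_types=1);

// Assumption: session ids are exactly 32 lowercase hex characters.
const SESSION_ID_PATTERN = '/\A[a-f0-9]{32}\z/';

function loadSession(PDO $db, array $cookies): ?array
{
    $id = $cookies['sid'] ?? null;
    // Reject anything that is not a well-formed id before touching the database.
    // The is_string() check also covers cookies submitted as arrays (sid[]=...).
    if (!is_string($id) || preg_match(SESSION_ID_PATTERN, $id) !== 1) {
        return null;
    }
    // Bound parameter: the cookie value travels as data, never as SQL text.
    $stmt = $db->prepare('SELECT sessionid, userid FROM session WHERE sessionid = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE session (sessionid TEXT PRIMARY KEY, userid INTEGER)');
$valid = str_repeat('ab', 16);
$db->prepare('INSERT INTO session VALUES (?, ?)')->execute([$valid, 1]);

// Constructed cookie jars: one valid, the rest malformed or unknown.
$samples = [
    'valid id'       => ['sid' => $valid],
    'unknown id'     => ['sid' => str_repeat('0', 32)],
    'quote in value' => ['sid' => "ab' OR '1'='1"],
    'array value'    => ['sid' => ['ab']],
    'missing cookie' => [],
];
foreach ($samples as $label => $cookies) {
    $session = loadSession($db, $cookies);
    $result = $session !== null ? 'session for user ' . $session['userid'] : 'rejected';
    printf("%-15s => %s\n", $label, $result);
}
```

Only the first sample resolves to a session; the format check and the bound parameter are independent layers, so the query stays safe even if the pattern is later loosened.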