| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 15 Nov 2005 09:40:36 +0100 From: Matteo Beccati <matteo@...cati.com> To: bugtraq@...urityfocus.com Cc: phpsec@...arch.com, full-disclosure@...ts.grok.org.uk Subject: [PHPADSNEW-SA-2005-002] phpAdsNew and phpPgAds 2.0.7 fix multiple vulnerabilities ======================================================================== phpAdsNew / phpPgAds security advisory PHPADSNEW-SA-2005-002 ------------------------------------------------------------------------ Advisory ID: PHPADSNEW-SA-2005-002 Date: 2005-Nov-15 Security risk: highly critical Applications affetced: phpAdsNew, phpPgAds Versions affected: <= 2.0.6 Versions not affected: >= 2.0.7 ======================================================================== ======================================================================== Vulnerability 1: SQL injection ------------------------------------------------------------------------ Impact: database access (+ potential system access) Where: from remote ======================================================================== Description ----------- Toni Koivunen reported an SQL injection vulnerablility in phpAdsNew and phpPgAds, caused by missing sanitization of the session id cookie. Kevin Fernandez "Siegfried" of Zone-H reported further dangerous exploitation techniques to gain access to the whole database. Depending on the database user permissions, an attacker could also gain access to the local filesystem. Solution -------- - Upgrade to phpAdsNew or phpPgAds 2.0.7. References ---------- http://www.fitsec.com/advisories/FS-05-01.txt http://www.zone-h.org/en/advisories/read/id=8413/ ======================================================================== Vulnerability 2: HTTP response splitting ------------------------------------------------------------------------ Impact: application admin access Where: from remote ======================================================================== Description ----------- Toni Koivunen reported multiple HTTP response splitting vulnerabilities in phpAdsNew and phpPgAds. Many of them could only be made if the attacker already has access to the administration interface. A vulnerability adclick.php could be exploited without access to the application interface. Solution -------- - Upgrade to phpAdsNew or phpPgAds 2.0.7. References ---------- http://www.fitsec.com/ ======================================================================== Vulnerability 3: full path disclosure ------------------------------------------------------------------------ Impact: information disclosure Where: from remote ======================================================================== Description ----------- Toni Koivunen reported multiple full path disclosure vulnerabilities in phpAdsNew and phpPgAds. One of them could also reveal information about files modified or added by the system administrator, using phpAdsNew's own file integrity check system, given that the webserver user has enough permissions. Solution -------- - Upgrade to phpAdsNew or phpPgAds 2.0.7. References ---------- http://www.fitsec.com/advisories/FS-05-01.txt Contact informations ==================== The security contact for phpAdsNew and phpPgAds can be reached at: <security AT phpadsnew DOT com> Best regards -- Matteo Beccati http://phpadsnew.com/ http://phppgads.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists