lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <43799F04.10705@beccati.com>
Date: Tue, 15 Nov 2005 09:40:36 +0100
From: Matteo Beccati <matteo@...cati.com>
To: bugtraq@...urityfocus.com
Cc: phpsec@...arch.com, full-disclosure@...ts.grok.org.uk
Subject: [PHPADSNEW-SA-2005-002] phpAdsNew and phpPgAds
 2.0.7 fix multiple vulnerabilities


========================================================================
phpAdsNew / phpPgAds security advisory PHPADSNEW-SA-2005-002
------------------------------------------------------------------------
Advisory ID: PHPADSNEW-SA-2005-002
Date: 2005-Nov-15
Security risk: highly critical
Applications affetced: phpAdsNew, phpPgAds
Versions affected: <= 2.0.6
Versions not affected: >= 2.0.7
========================================================================


========================================================================
Vulnerability 1: SQL injection
------------------------------------------------------------------------
Impact: database access (+ potential system access)
Where: from remote
========================================================================

Description
-----------
Toni Koivunen reported an SQL injection vulnerablility in
phpAdsNew and phpPgAds, caused by missing sanitization of the session id
cookie. Kevin Fernandez "Siegfried" of Zone-H reported further dangerous
exploitation techniques to gain access to the whole database. Depending
on the database user permissions, an attacker could also gain
access to the local filesystem.


Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.7.

References
----------
http://www.fitsec.com/advisories/FS-05-01.txt
http://www.zone-h.org/en/advisories/read/id=8413/


========================================================================
Vulnerability 2: HTTP response splitting
------------------------------------------------------------------------
Impact: application admin access
Where: from remote
========================================================================

Description
-----------
Toni Koivunen reported multiple HTTP response splitting vulnerabilities
in phpAdsNew and phpPgAds. Many of them could only be made if the
attacker already has access to the administration interface. A
vulnerability adclick.php could be exploited without access to the
application interface.

Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.7.

References
----------
http://www.fitsec.com/


========================================================================
Vulnerability 3: full path disclosure
------------------------------------------------------------------------
Impact: information disclosure
Where: from remote
========================================================================

Description
-----------
Toni Koivunen reported multiple full path disclosure vulnerabilities in
phpAdsNew and phpPgAds. One of them could also reveal information about
files modified or added by the system administrator, using phpAdsNew's
own file integrity check system, given that the webserver user has
enough permissions.

Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.7.

References
----------
http://www.fitsec.com/advisories/FS-05-01.txt


Contact informations
====================

The security contact for phpAdsNew and phpPgAds can be reached at:
<security AT phpadsnew DOT com>


Best regards
--
Matteo Beccati
http://phpadsnew.com/
http://phppgads.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ