lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200605012120.k41LK96S017263@cairo.mitre.org>
Date: Mon, 1 May 2006 17:20:09 -0400 (EDT)
From: "Steven M. Christey" <coley@...re.org>
To: bugtraq@...urityfocus.com
Subject: Re: CoolMenus Event Remote File Inclusion exploit



botan@...uxmail.org said:

>#Website : http://coolmenus.dhtmlcentral.com/projects/coolmenus
> [Closed]

The new URL appears to be here:

  http://www.dhtmlcentral.com/projects/coolmenus/


>#ColMenus Event Remote File Include Vulnerability#

The CoolMenus code does not appear to be written in PHP.

Downloading the source code from the above URL, we see that there are
a couple ASP files, and mostly .js and .html files.

So, this code is NOT present in CoolMenus:

> require("event_inc.php");
>
>$start = filectime($news);
>
>$jetzt = time();
>
>$update = "$start"+"$timespan";
>
>if($jetzt >= $update)
>
>{include("artmedic_event_html.php");}

(I grepped through version 4 beta 1.06 just to be sure).



However, it looks almost exactly like the code from this disclosure
for Artmedic Event:

  [Kurdish Security #2] Artmedic Event Remote File Include Vulnerability
  http://www.securityfocus.com/archive/1/archive/1/432397/100/0/threaded

with a small difference in variables and file names.

With a download of artmedic event 2.0 from here:

  http://www.artmedic-phpscripts.de/index.php?page=338434555&f=1&i=734394556&s=338434555

we can see that the above code came from artmedic_event.php.


So:

- CoolMenus is being claimed to be vulnerable to PHP remote file
  inclusion, when it isn't written in PHP;

- source code is being quoted which does not exist in CoolMenus

- the quoted source code appears to be derived from artmedic event,
  although there are some changes that are not explained


In short, it is very difficult to figure out what vulnerability is
being reported, and for what product.

- Steve


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ