lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed, 10 Oct 2007 02:31:09 -0700
From: Victor Brilon <victor@...torland.com>
To: xoxland@...il.com
Cc: bugtraq@...urityfocus.com
Subject: Re: Vulnerabilities

This is a nonexistent vulnerability. The unsanitized variable  
referenced is only used in the Javascript on the page and is never  
passed back for processing by the PHP code, much less in any SQL  
statement. Furthermore, the page that this summary references is only  
accessible by users who have administrative access to the site and  
not by random external users.

In the future Mr "xoxland", it might be good for you to let the  
developers of the software know about your discoveries before you go  
public with them. In this way, you can avoid the embarrassment of  
issuing false advisories as well.

Victor
*definitely NOT speaking for the MODx dev team - these are personal  
opinions*


On Oct 8, 2007, at 11:35 PM, xoxland@...il.com wrote:

>  New Advisory:
> modx-0.9.6
> http://www.dear-pets.com
>
> ——————–Summary—————-
> Software: modx-0.9.6
> Sowtware’s Web Site: http://www.modxcms.com
> Versions: 0.9.6
> Critical Level: Moderate
> Type: Multiple Vulnerabilities
> Class: Remote
> Status: Unpatched
> PoC/Exploit: Not Available
> Solution: Not Available
> Discovered by: http://www.dear-pets.com
>
> —————–Description—————
> 1. SQL Injection.
>
> Vulnerable script: mutate_content.dynamic.php
>
> Parameters ‘documentDirty’, ‘modVariables’ is not
> properly sanitized before being used in SQL query. This can be used to
> make SQL queries by injecting arbitrary SQL code.
>
> Condition: magic_quotes_gpc = off
>
> ————–PoC/Exploit———————-
> Waiting for developer(s) reply.
>
> ————–Solution———————
> No Patch available.
>
> ————–Credit———————–
> Discovered by: http://www.dear-pets.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ