lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <6B9BF38A-CCD0-11D8-ADE7-000A957FCF60@miller-group.net>
From: schmad at miller-group.net (Andrew Schmadeke)
Subject: Malicious post by "Manip"

The Security Alert on Centre by  the Miller Group seems to have been  
posted maliciously.

Two of the three vulnerabilities do not exist, and the first one is an  
obvious fabrication.

The link posted demonstrating the first vulnerability actually portrays  
the correct behavior of the program.    
http://demo.miller-group.net/index.php? 
modfunc=create_account&staff&username=admin&staff_id=new  points to a  
page that allows parents and teachers to request access to the program.  
  This program was meant to be open to the public, and, in fact, the  
extra information at the end of the URL  
(&staff&username=admin&staff_id=new) does not affect the program's  
performance.  As you can see,  
http://demo.miller-group.net/index.php?modfunc=create_account functions  
the same as the URL provided by Manip.   
http://demo.miller-group.net/index.php?modfunc=create_account is also a  
link from the Centre login screen titled "Create Account."  There is no  
way to run any other program in Centre without being authenticated.

Also, the third "vulnerability" is not an issue.  All variables in SQL  
statements are encapsulated by single quotes, and Centre expects PHP's  
magic quotes to be on.  Furthermore, single quotes are replaced by  
double single quotes (which cancels the single quote -- same behavior  
as \'). So, SQL injection is impossible in every module of Centre.   
This is obvious throughout the code.

Finally, Manip's second vulnerability did exist in Centre up until  
Version 1.0.  This was not a major vulnerability, since the malicious  
code had to be somewhere on the server running Centre.  However, this  
vulnerability has been dealt with in Version 1.01, released today.  Any  
program not allowed to a user (or any program not in Centre) cannot be  
run.  And, the username and IP address of whomever attempts to run it  
are captured by the system.

--Andrew Schmadeke
The Miller Group
schmad@...ler-group.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 1981 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040703/680201a8/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ