lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <452DACE6.9080400@mayhemiclabs.com>
Date: Wed, 11 Oct 2006 22:48:06 -0400
From: Mayhemic Labs Security <security@...hemiclabs.com>
To: full-disclosure@...ts.grok.org.uk,  bugtraq@...urityfocus.com
Subject: MHL-2006-002 Public Advisory:
 "Call-Center-Software" Multiple Security Issues

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MHL-2006-002 - Public Advisory

+-----------------------------------------------------------+
|    Call-Center-Software Multiple Security Issues          |
+-----------------------------------------------------------+


PUBLISHED ON
  October 11th, 2006


PUBLISHED AT
  http://www.mayhemiclabs.com/advisories/MHL-2006-002.txt
  http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006002


PUBLISHED BY
  Mayhemic Labs
  http://www.mayhemiclabs.com

  security AT mayhemiclabs DOT com
  GPG key: 0x56143F84


APPLICATION
  call-center software
  http://www.call-center-software.org/

  "call-center-software is a free open-source application
  released under the GPL"


AFFECTED VERSIONS
  Versions 0.93 and below


ISSUES
  Call-Center-Software is vulnerable to multiple SQL
  injection attacks and XSS under certain conditons,
  along with privilege escalation.

	1) XSS
	Call-Center-Software does not escape data when handling
	it allowing malicious javascript data to be inserted by
	any user.This is only when Magic Quotes is disabled
	within PHP.
	
	Example:
	A user entering <script>alert("Moo!");</script> into
	the problem description field when submitting the
	problem, will cause the javascript to be executed
	upon viewing or editting the problem.
	
	2) SQL Injection
	Call-Center-Software does not escape data when handling
	it allowing malicious users to inject SQL commands into
	the database. This is only when Magic Quotes is
	disabled within PHP.
	
	Example: By logging into the system with the user
	"'or 1=1 or 1='" the attacker is let into the system with
	full administrative privileges.
	
	3) Privilege Escalation and Password Disclosure
	Call-Center-Software does not check access privileges
	when bringing up the "edit user" screen. This, also
	combined with the lack of hashed password, discloses
	any user on the system's password, username, and other
	information stored within the database.
	
	Example: When logged in as a non administrative user
	a user can go to edit_user.php?user_id=1 and view the
	default admin account's password. Changing the
	user_id variable discloses the corresponding account's
	data.
	

WORKAROUNDS
	Enabling Magic Quotes will negate the XSS and SQL
	injection attacks on affected systems.


SOLUTIONS
	None at this time


REFERENCES
	call-center software - http://www.call-center-software.org/


TIMELINE
	September 25th, 2006
		Vendor/Developer Notified
		Vendor/Developer Response Recieved
		Vendor/Developer Questioned on Patch Availability
		No response
	October 3rd, 2006
		Vendor Followup
		Vendor/Developer Response Recieved
		Vendor/Developer Questioned on Patch Availability
		No response
				
ADDITIONAL CREDIT
  N/A

LICENSE
  Creative Commons Attribution-ShareAlike License
  http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFLazmzjnMaVYUP4QRAjMLAJwPkXBBfIjxcROLm+w4NgxPi+1XZQCgpW/F
jz7P+B+SzCkde2WZOtAXFxE=
=Gth+
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ