lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <04d001cc668e$0d394cf0$9b7a6fd5@ml>
Date: Mon, 29 Aug 2011 23:55:38 +0300
From: "MustLive" <mustlive@...security.com.ua>
To: <submissions@...ketstormsecurity.org>, <full-disclosure@...ts.grok.org.uk>
Subject: Vulnerabilities in ClickCMS

Hello list!

I want to warn you about Insufficient Anti-automation and Denial of Service
vulnerabilities in ClickCMS, which is included in ClickEMU.

This is one of few advisories which I've made in April 2010, but didn't
publish to the lists due to large flame by moaners and double standarters
(so I gave them a rest). In this advisory I'm continue to inform readers of
mailing lists about vulnerable web applications which are using
CaptchaSecurityImages.php.

-------------------------
Affected products:
-------------------------

Vulnerable are all versions of ClickCMS and all versions of ClickEMU which
contains ClickCMS.

I've already wrote last year the recommendations about fixing these issues
in another my advisory concerning vulnerable web application with
CaptchaSecurityImages.php. As I wrote earlier
(http://www.securityfocus.com/archive/1/511023), developers of
CaptchaSecurityImages.php fixed this hole at 27.03.2007. So one of the way
to fix these issues is to use fixed version of the script or to make
appropriate changes in ClickCMS' version of the script.

----------
Details:
----------

These are Insufficient Anti-automation and Denial of Service
vulnerabilities.

The vulnerabilities exist in captcha script CaptchaSecurityImages.php, which
is using in this system. I already wrote at my site about vulnerabilities in
CaptchaSecurityImages (http://websecurity.com.ua/4043/).

Insufficient Anti-automation (WASC-21):

http://site/captcha/CaptchaSecurityImages.php?width=150&height=100&characters=2

Captcha bypass is possible as via half-automated or automated (with using of
OCR) methods, which were mentioned before (http://websecurity.com.ua/4043/),
as with using of session reusing with constant captcha bypass method
(http://websecurity.com.ua/1551/), which was described in project Month of
Bugs in Captchas. Last variant of attack is possible due to incorrect
implementation of protection in the system against this captcha bypass
method.

DoS (WASC-10):

http://site/captcha/CaptchaSecurityImages.php?width=1000&height=9000

With setting of large values of width and height it's possible to create
large load at the server.

------------
Timeline:
------------

2010.04.09 - disclosed at my site.
2010.04.10 - informed developer through Assembla. Because author didn't
leave any contact information, so I wrote a letter to Assembla, the hoster
of this web application. And besides this webapp, I also reminded them about
all other vulnerable webapps, which I informed them during March-April
(which they were hosting).

I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/4113/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ