Message-ID: <53AC2FC2.20009@secveritas.com>
Date: Thu, 26 Jun 2014 15:35:46 +0100
From: info <info@...veritas.com>
To: fulldisclosure@...lists.org
Subject: [FD] SECV-05-1402 - Reportico php admin credentials leak

SECV-05-1402 - Reportico software admin credentials leak

Product description:
Reportico is a comprehensive Open Source web reporting tool written purely in PHP. Reportico provides a web-based front end for designing and viewing reports stored in XML format. Reportico supports flexible criteria selection, and reports may be presented in HTML, PDF, CSV, XML and JSON formats. Groups, graphs, expressions and drilldowns are also easily incorporated, and reports may be embedded into existing web pages with a few lines of PHP.

CVE-ID: CVE-2014-3777
Affected versions: All versions prior to 4.0, including plugins
Vendor url: http://www.reportico.org
Vulnerability status: Fixed
Advisory url: http://www.secveritas.com/secv-05-1402.html

Vulnerability details:
By loading the admin template an attacker could access all information for a report, including the database credentials and the admin password for the report. This was possible due to the lack of a proper check on the URL parameter xmlin. By changing the parameter in the HTTP request to xmlin=../admin/configureproject.xml an attacker would obtain project administration.

Timeline:
13th May 14 - First contact with reportico.org developer
15th May 14 - Vulnerability reported with evidence, full problem description and fix proposal
18th May 14 - Correction of the problem following proposal from SECVeritas
20th May 14 - New version made available for re-testing
21st May 14 - New version tested; some suggestions made for improvement
1st Jun 14 - Final version created by developer, waiting for release
28th Jun 14 - Public disclosure of the vulnerability
Credits: ms - secveritas.com 2014

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
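The root cause described above is a report-name parameter that is used to build a file path without being checked, so `xmlin=../admin/configureproject.xml` escapes the reports directory. The following is an added example of how such a parameter can be validated before any file access; it is illustrative code written for this page, not Reportico's code or the vendor's actual fix, and the function name `resolve_report_path` and the fixed reports directory `$reportsDir` are assumptions.

```php
<?php
// Added example (not the vendor's fix): validate a report-name parameter
// such as Reportico's "xmlin" before it is used to open a file.
// Assumption: report definitions live in one fixed directory ($reportsDir)
// and are named like "sales.xml"; anything else is rejected.

function resolve_report_path(string $reportsDir, string $xmlin): ?string
{
    // 1. Allow only a plain file name: letters, digits, "_" and "-", with an
    //    optional ".xml" suffix. This excludes "/", "\", "..", "%" and NUL bytes.
    if (!preg_match('/\A[A-Za-z0-9_-]+(\.xml)?\z/', $xmlin)) {
        return null;
    }
    $name = preg_replace('/\.xml\z/', '', $xmlin) . '.xml';

    // 2. Resolve both paths and confirm the candidate is still inside the
    //    reports directory (defends against symlinks). realpath() returns
    //    false when the file does not exist, which is also a rejection.
    $base = realpath($reportsDir);
    $candidate = realpath($reportsDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $candidate === false) {
        return null;
    }
    if (strncmp($candidate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $candidate;
}

// Demo against constructed inputs, using a temporary reports directory.
$dir = sys_get_temp_dir() . '/reports_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents("$dir/sales.xml", '<report/>');

$inputs = [
    'sales.xml',                         // legitimate report
    'sales',                             // same report, suffix omitted
    '../admin/configureproject.xml',     // the traversal from the advisory
    '..%2Fadmin%2Fconfigureproject.xml', // literal percent signs are rejected too
    "sales.xml\0.txt",                   // NUL-byte truncation attempt
];
foreach ($inputs as $in) {
    $path = resolve_report_path($dir, $in);
    printf("%-36s => %s\n", addcslashes($in, "\0"), $path === null ? 'REJECTED' : 'ok');
}

unlink("$dir/sales.xml");
rmdir($dir);
```

Only the first two inputs resolve to a file; the other three are refused by the name check before the filesystem is ever consulted.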