lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 26 Jun 2014 15:35:46 +0100
From: info <info@...veritas.com>
To: fulldisclosure@...lists.org
Subject: [FD] SECV-05-1402 - Reportico php  admin credentials leak


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SECV-05-1402 - Reportico software admin credentials leak

Product description:

Reportico is a comprehensive Open Source web reporting tool written
purely in PHP. Reportico provides a web-based front end screen for
designing and viewing reports stored in XML format. Reportico supports
flexible criteria selection and reports may be presented in HTML, PDF,
CSV, XML and JSON formats. Groups, graphs, expressions and drilldowns
are also easily incorporated and reports may be embedded into existing
web pages with a few lines of PHP.

CVE-ID: CVE-2014-3777

Affected versions: All versions prior to 4.0 including plugins
Vendor url:http://www.reportico.org
Vulnerability status: Fixed
Advisory url: http://www.secveritas.com/secv-05-1402.html

Vulnerability details:

By loading the admin template an attacker could access all information
for a report including database credentials and admin password for the
report.
 This could be obtained due lack of proper check of the URL parameter
xmlin. By changing the parameter in the HTTP request to
xmlin=../admin/configureproject.xml an attacker would obtain project
administration.

Timeline:

13th May 14 - First contact with reportico.org developer
15th May 14 - Vulnerability reported with evidences and full problem
description and fix proposal
18th May 14 - Correction of the problem following proposal from SECVeritas
20th May 14 - New version made available for re-testing
21st May 14 - New version tested some sugestions made for improvement
1st  Jun 14 - Final version created by developer, waiting for release
28th Jun 14 - Public disclosure of the vulnerability.

Credits:
ms - secveritas.com
2014
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJTrC/CAAoJEN3eoZ/uAn514A0H/08oAI7WQCZ8x+vVpq3oYPr+
5+rvSKAhW+GGNnEo7Xe8El4p7J4IxVpncGpCfO8X9NBVMP3rdnweaCrSoylmBoej
dzhxXAZYPZkekKBSBAqVoTK7RMHj1ptDjG2vt/Z5wQM+ywK9hB03fxQWJ5LwTCZK
SbBZa6Sa53SIJqhAK5MWa0+zCTaScs39jj2GVhwYkQd7YhsztcGf0bCj1MFByUVA
/9YKqamBuhymk2JjXl4KPIZX01zFe3/GEcYU6kupuKirgi/kh1CsmDMlfi9+cdrn
QWv3VW/V3XbpyPuzOt+TCbBo48CnxqcYRB2QhiFI9eyxLJbdFqW2piIhvnNKAJo=
=+6d1
-----END PGP SIGNATURE-----


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists