lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAFWG0-isBmJtq64BdQLaFhNqiPaOOxjShbhqbBdPA+1tfpHGhQ@mail.gmail.com>
Date: Sat, 14 Mar 2015 19:58:59 +0800
From: Jing Wang <justqdjing@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] 724CMS 5.01 Multiple Information Leakage Security
	Vulnerabilities

*724CMS 5.01 Multiple Information Leakage Security Vulnerabilities*



Exploit Title: 724CMS Multiple Information Leakage Security Vulnerabilities

Vendor: 724CMS

Product: 724CMS

Vulnerable Versions: 3.01   4.01   4.59   5.01

Tested Version: 5.01

Advisory Publication: March 14, 2015

Latest Update: March 14, 2015

Vulnerability Type: Information Exposure [CWE-200]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 10.0

Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU),
Singapore]








*Suggestion Details:*



*(1) Vendor & Product Description:*



*Vendor:*

724CMS Enterprise




*Product & Vulnerable Versions:*

724CMS

3.01

4.01

4.59

5.01






*Vendor URL & download:*

724CMS can be got from here,

http://724cms.com/




*Product Introduction Overview:*

724CMS is a content management system (CMS) that has large customers spread
in Canada, Japan, Korean, the United States and many others. It allows
publishing, editing and modifying content, organizing, deleting as well as
maintenance from a central interface. Meanwhile, 724CMS provides procedures
to manage workflow in a collaborative environment.







*(2) Vulnerability Details:*

724CMS web application has a security bug problem. It can be exploited by
information leakage attacks - Full Path Disclosure (FPD). This may allow a
remote attacker to disclose the software's installation path. While such
information is relatively low risk, it is often useful in carrying out
additional, more focused attacks.


Several 724CMS products vulnerabilities have been found by some other bug
hunter researchers before. 724CMS has patched some of them. NVD is the U.S.
government repository of standards based vulnerability management data
(This data enables automation of vulnerability management, security
measurement, and compliance (e.g. FISMA)). It has published suggestions,
advisories, solutions related to 724CMS vulnerabilities.



*(2.1)* The first code programming flaw occurs at "index.php" page with
"&Lang", "&ID" parameters.


*(2.2)* The second code programming flaw occurs at "section.php" page with
"&Lang", "&ID" parameters.








*References:*

http://tetraph.com/security/information-leakage-vulnerability/724cms-5-01-information-leakage-security-vulnerabilities/

http://securityrelated.blogspot.com/2015/03/724cms-501-information-leakage-security.html

http://www.inzeed.com/kaleidoscope/computer-web-security/724cms-5-01-information-leakage-security-vulnerabilities/

http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/724cms-5-01-information-leakage-security-vulnerabilities/

https://infoswift.wordpress.com/2015/03/14/724cms-5-01-information-leakage-security-vulnerabilities/

http://marc.info/?l=full-disclosure&m=142576280203098&w=4

http://en.hackdig.com/wap/?id=17055






--

Wang Jing,

Division of Mathematical Sciences (MAS),

School of Physical and Mathematical Sciences (SPMS),

Nanyang Technological University (NTU),

Singapore.

http://www.tetraph.com/wangjing/

https://twitter.com/tetraphibious

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ