vulnerability

maodou

CVE-2015-2243 Webshop hun v1.062S Directory Traversal Web Security Vulnerabilities



Exploit Title: CVE-2015-2243 Webshop hun v1.062S /index.php &mappa Parameter Directory Traversal Web Security Vulnerabilities

Product: Webshop hun

Vendor: Webshop hun

Vulnerable Versions: v1.062S

Tested Version: v1.062S

Advisory Publication: March 01, 2015

Latest Update: April 28, 2015

Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22]

CVE Reference: CVE-2015-2243

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

Credit: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)








Introduction Details:



(1) Vendor & Product Description:



Vendor:

Webshop hun



Product & Version:

Webshop hun

v1.062S



Vendor URL & Download:

Webshop hun can be acquired from here:

http://www.webshophun.hu/index



Product Introduction Overview:

Webshop hun is a web application for selling products online.


"If our webshop you want to distribute your products, but it is too expensive to find on the internet found solutions, select the Webshop Hun shop program and get web store for free and total maker banner must display at the bottom of the page 468x60 size. The download shop program, there is no product piece limit nor any quantitative restrictions, can be used immediately after installation video which we provide assistance.


"The Hun Shop store for a free for all. In our experience, the most dynamic web solutions ranging from our country. If the Webshop Hun own image does not suit you, you can also customize the look of some of the images and the corresponding text replacement, or an extra charge we can realize your ideas. The Webshop Hun pages search engine optimized. They made the Hun Shop web program to meet efficiency guidelines for the search engines. The pages are easy to read and contain no unnecessary HTML tags. Any web page is simply a few clicks away."






(2) Vulnerability Details:

The Webshop hun web application has a security vulnerability that can be exploited through Directory Traversal / Local File Inclusion (LFI) attacks. A local file inclusion (LFI) flaw arises when a script does not properly sanitize user input, specifically path traversal sequences (e.g. '../../') supplied to its parameters. With a specially crafted request, a remote attacker can include arbitrary files from the targeted host or from a remote host. This may allow disclosing file contents or executing files such as PHP scripts. Such attacks are limited because the script only calls files already on the target host.


Several similar product vulnerabilities have been found by other bug hunters before. Webshop hun has patched some of them. The MITRE Corporation is a not-for-profit company that operates multiple federally funded research and development centers (FFRDCs), which provide innovative, practical solutions for some of our nation's most critical challenges in defense and intelligence, aviation, civil systems, homeland security, the judiciary, healthcare, and cybersecurity. It has published suggestions, advisories and solution details related to website vulnerabilities.



(2.1) The vulnerability occurs in the "&mappa" parameter of the "index.php?" page.
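
An added example, not part of the original advisory or the vendor's code: detection logic a defender could run over web-server access logs to flag requests whose `mappa` value on `/index.php` resolves outside its base directory, including double-encoded forms. The log lines, the assumption that `mappa` is used as a relative path, and all function names are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed access-log lines for illustration (not from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Mar/2015:10:00:00 +0000] "GET /index.php?menu=1&mappa=termekek HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Mar/2015:10:00:05 +0000] "GET /index.php?mappa=../../secret HTTP/1.1" 200 1304',
    '203.0.113.9 - - [01/Mar/2015:10:00:07 +0000] "GET /index.php?mappa=%252e%252e%252fconfig HTTP/1.1" 200 88',
    '203.0.113.7 - - [01/Mar/2015:10:00:09 +0000] "GET /index.php?mappa=kepek/2015 HTTP/1.1" 200 4096',
    '203.0.113.8 - - [01/Mar/2015:10:00:11 +0000] "GET /about.php?mappa=../x HTTP/1.1" 404 0',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is unmasked."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def escapes_base(value):
    """True if value, used as a relative path, would leave its base directory."""
    path = fully_decode(value).replace("\\", "/")
    if "\x00" in path or path.startswith("/") or re.match(r"[A-Za-z]:", path):
        return True  # NUL byte, absolute path, or Windows drive prefix
    norm = posixpath.normpath(path)
    return norm == ".." or norm.startswith("../")

def suspicious_requests(lines, page="/index.php", param="mappa"):
    """Return (client_ip, decoded_value) for requests whose param escapes."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path != page:
            continue
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == param and escapes_base(value):
                hits.append((line.split()[0], fully_decode(value)))
    return hits
```

Normalizing the decoded value before testing it means a harmless path such as `a/../b` is not flagged, while `kepek/../../x` is.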









CVE-2014-9562 OptimalSite Content Management System (CMS) XSS (Cross-Site Scripting) Web Security Vulnerabilities


Exploit Title:  OptimalSite CMS /display_dialog.php image Parameter XSS Web Security Vulnerability

Vendor: OptimalSite

Product: OptimalSite Content Management System (CMS) 

Vulnerable Versions: V.1 V2.4

Tested Version: V.1 V2.4

Advisory Publication: January 24, 2015

Latest Update: January 31, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-9562

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Credit: Jing Wang [School of Physical and Mathematical Sciences, Nanyang Technological University (NTU), Singapore] (@justqdjing)





Suggestion Details:


(1) Vendor & Product Description


Vendor: 

OptimalSite


Product & Version: 

OptimalSite Content Management System (CMS) 

V.1

V2.4


Vendor URL & Download:

The product can be obtained from here,

http://www.optimalsite.com/en/


Product Description Overview: 

"Content management system OptimalSite is an online software package that enables the management of information published on a website. OptimalSite consists of the system core and integrated modules, which allow expanding website possibilities and functionality. You may select a set of modules that suits your needs best. 


Website page structure

Website page structure is presented in a tree structure similar to Windows Explorer, so that several page levels can be created for each item on the menu.  The website's structure itself can be easily edited: you can create new website pages, delete unnecessary ones, and temporarily disable individual pages.


Website languages

OptimalSite may be used to create a website in different languages, the number of which is not limited. Different information may be presented in each separate language and the structure of pages in each language may also differ. 


WYSIWYG (What You See Is What You Get) text editor

Using this universal text editor makes posting and replacing information on the website effortless.   Even a minimum knowledge of MS Word and MS Excel will make it easy to use the tools of WYSIWYG text editor and implement your ideas. 


Search function in the system

By using search function system’s administrator is able to find any information that is published in administrative environment. It is possible to execute a search in the whole system and in separate its’ modules as well.


Recycle bin function

System administrator is able to delete useless data.  All deleted data is stored in recycle bin, so administrator can restore information anytime. "


(2) Vulnerability Details:

The OptimalSite web application has a security vulnerability that can be exploited through stored XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.


Several other similar product 0-day vulnerabilities have been found by other bug hunters before. OptimalSite has patched some of them. "Openwall software releases and other related files are also available from the Openwall file archive and its mirrors. You are encouraged to use the mirrors, but be sure to verify the signatures on software you download. The more experienced users and software developers may use our CVSweb server to browse through the source code for most pieces of Openwall software along with revision history information for each source file. We publish articles, make presentations, and offer professional services." Openwall has published suggestions, advisories and solution details related to XSS vulnerabilities.



(2.1) The programming flaw occurs in the "&image" parameter of the "display_dialog.php" page.







辛梓檐

Embrace Vulnerability.

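Over the past month I have gradually come to feel incredibly strong. When I first arrived in New York I found the city especially noisy, so noisy that I could not hear even my own most hysterical screams; lately, walking home from work, I hear no other sound at all. I always assumed this change was a good one, and wondered whether I had really grown up and was adapting to new environments faster and faster. Today I watched Brene Brown's TED talk The Power of Vulnerability, and only then began to wonder whether I too am one of the people numbing vulnerability. Perhaps because I was once afraid of not being able to adapt, afraid of not finding friendship, afraid of being swept away by the crowd, afraid that this city is so big and yet has no place to live in, I shut myself inside a shield and imagined that I was indestructible. In fact, only by bringing out one's own fragility, caring for it carefully yet facing it with an easy mind, and calmly being a kind, positive and imperfect person, can one earn sincere treatment from the world. I saw that a friend's WeChat signature is "Waiting for the world to turn gentle". Perhaps when we let down our guard and stop numbing our nerves, the world will show its gentle side. Let's love with whole heart, practice gratitude and joy because to feel vulnerable is to feel alive.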
