Tags: 0-day, 2014, 5.1.3, 9469, application, attack, computer bug, crime prevention, cross-site, cve, cyber-security, exploit, hacker, IT vulnerability, PHP Code, problem, scripting, testing, vBulletion, whitehat, XSS
23 Thursday Jul 2015
22 Wednesday Jul 2015
Posted in 0day, Hacker Tech, XSS
Tags: 0-day, 2015-2349, 5.50, attack, browser, bug, client-side, computer, cve, cyber, defense, exploit, flaw, hacker, IEEE, internet, IT, JingWang, Research, security, singapore, spms, SuperWebMailer, vulnerability, web, web application, white-hat, XSS
CVE-2015-2349 – SuperWebMailer 5.50.0.01160 XSS (Cross-site Scripting) Web Security Vulnerabilities
Exploit Title: CVE-2015-2349 – SuperWebMailer “/defaultnewsletter.php” HTMLForm Parameter XSS Web Security Vulnerabilities
Product: SuperWebMailer
Vendor: SuperWebMailer
Vulnerable Versions: 5.*.0.* 4.*.0.*
Tested Version: 5.*.0.* 4.*.0.*
Advisory Publication: March 11, 2015
Latest Update: May 03, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2015-2349
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification
Author and Creditor: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)
Information Details:
(1) Vendor & Product Description:
Vendor:
SuperWebMailer
Product & Vulnerable Versions:
SuperWebMailer
5.60.0.01190
5.50.0.01160
5.40.0.01145
5.30.0.01123
5.20.0.01113
5.10.0.00982
5.05.0.00970
5.02.0.00965
5.00.0.00962
4.50.0.00930
4.40.0.00917
4.31.0.00914
4.30.0.00907
4.20.0.00892
4.10.0.00875
Vendor URL & Download:
SuperWebMailer can be obtained from here,
Product Introduction Overview:
“Super webmail is web-based PHP newsletter software. The web-based PHP newsletter software Super webmail is the optimal solution for implementing successful e-mail marketing.”
“To use the online PHP Newsletter Script, your own website/server with PHP 4 or newer, MySQL 3.23 or later and the ability to execute CronJobs is required. Once installed, the online newsletter software Super webmail can be operated directly in the browser. The PHP Newsletter Tool Super webmail can therefore be used platform-independently on all operating systems such as Windows, Linux and Apple Macintosh, with Internet access worldwide. The PHP Newsletter Script allows you to manage your newsletter recipients, including registration and deregistration from the newsletter mailing list by double opt-in, double opt-out and automatic bounce management. Send your personalized newsletters/e-mails online in HTML and text format with embedded images and attachments, immediately in the browser or by CronJob script in the background, either immediately or at a later time. The integrated tracking function monitors the success of the newsletter mailing, whereby openings of the newsletter and clicks on links in the newsletter are graphically evaluated and presented. Use the integrated autoresponder to send absence messages automatically or to confirm the receipt of e-mails.”
“CKEditor 4.4.7 is now included. An upgrade to the latest version is recommended, as a vulnerability was found in CKEditor 4.4.5. Super webmail now contains a new chart component for the statistics that does not need Flash and is therefore also displayed on Apple devices. For the newsletter tracking statistics, an easy print version of the charts is now available that can be printed or, with a PDF printer driver installed, saved to a PDF file. When viewing the e-mails in the mailing lists, the sender of the e-mail that was sent to the mailing list is displayed in a column. For form creation for newsletter subscription/cancellation, variants are now available”
(2) Vulnerability Details:
The SuperWebMailer web application has a cross-site scripting (XSS) vulnerability. A remote attacker can create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.
Several 0-day vulnerabilities in related products have been found by other bug hunters before, and SuperWebMailer has patched some of them. FusionVM Vulnerability Management and Compliance provides sources for the latest info-sec news, tools and advisories; it has published suggestions, advisories and solution details related to web application vulnerabilities.
(2.1) The programming flaw occurs at the “&HTMLForm” parameter of the “defaultnewsletter.php?” page.
Related Work:
http://seclists.org/fulldisclosure/2015/Mar/55
http://www.securityfocus.com/bid/73063
http://lists.openwall.net/full-disclosure/2015/03/07/3
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1819
http://packetstormsecurity.com/files/131288/ECE-Projects-Cross-Site-Scripting.html
http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure&m=142551542201539&w=2
https://cxsecurity.com/issue/WLB-2015030043
http://aibiyi.lofter.com/post/1cc9f4e9_6edf9bf
http://tetraph.tumblr.com/post/118764414962/canghaixiao-cve-2015-2349-superwebmailer
http://canghaixiao.tumblr.com/post/118764381217/cve-2015-2349-superwebmailer-5-50-0-01160-xss
http://essaybeans.lofter.com/post/1cc77d20_6edf28c
https://www.facebook.com/essaybeans/posts/561250300683107
https://twitter.com/essayjeans/status/598021595974602752
https://www.facebook.com/pcwebsecurities/posts/687478118064775
http://tetraph.blog.163.com/blog/static/234603051201541231655569/
https://plus.google.com/112682696109623633489/posts/djqcrDw5dQp
http://essayjeans.blogspot.com/2015/05/cve-2015-2349-superwebmailer-550001160.html
https://mathfas.wordpress.com/2015/05/12/cve-2015-2349-superwebmailer-5-50-0-01160-xss/
http://www.tetraph.com/blog/xss-vulnerability/cve-2015-2349-superwebmailer-5-50-0-01160-xss/
https://vulnerabilitypost.wordpress.com/2015/05/12/cve-2015-2349-superwebmailer-5-50-0-01160-xss/
http://aibiyi.blogspot.com/2015/05/cve-2015-2349-superwebmailer-550001160.html
16 Tuesday Jun 2015
Posted in 0day, Computer Security, XSS
Tags: 0-day, 2014, 9468, application, attack, computer bug, crime prevention, cross-site, cve, cyber-security, exploit, hacker, InstantASP, InstantForum, IT vulnerability, NET, PHP Code, problem, scripting, testing, v3.4.0, v4.1.3, whitehat, XSS
CVE-2014-9468 InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities
Exploit Title: InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities
Product: InstantForum.NET
Vendor: InstantASP
Vulnerable Versions: v4.1.3 v4.1.1 v4.1.2 v4.0.0 v4.1.0 v3.4.0
Tested Version: v4.1.3 v4.1.1 v4.1.2
Advisory Publication: February 18, 2015
Latest Update: April 05, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-9468
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification
Discoverer and Reporter: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)
Proposition Details:
(1) Vendor & Product Description:
Vendor:
InstantASP
Product & Version:
InstantForum.NET
v4.1.3 v4.1.1 v4.1.2 v4.0.0 v4.1.0 v3.4.0
Vendor URL & Download:
InstantForum.NET can be purchased from here,
http://docs.instantasp.co.uk/InstantForum/default.html?page=v413tov414guide.html
Product Introduction Overview:
“InstantForum.NET is a feature rich, ultra high performance ASP.NET & SQL Server discussion forum solution designed to meet the needs of the most demanding online communities or internal collaboration environments. Now in its fourth generation, InstantForum.NET has been completely rewritten from the ground up over several months to introduce some truly unique features & performance enhancements.”
“The new administrator control panel now offers the most comprehensive control panel available for any ASP.NET based forum today. Advanced security features such as role based permissions and our unique Permission Sets feature provide unparalleled configurable control over the content and features that are available to your users within the forum. Moderators can easily be assigned to specific forums with dedicated moderator privileges for each forum. Bulk moderation options ensure even the busiest forums can be managed effectively by your moderators.”
“The forum’s template driven skinning architecture offers complete customization support. Each skin can be customized to support a completely unique layout or visual appearance. A single central style sheet controls every aspect of a skin’s appearance. The use of unique HTML wrappers and ASP.NET 1.1 master pages ensures page designers can easily integrate an existing design around the forum. Skins, wrappers & master page templates can be applied globally to all forums or to any specific forum.”
(2) Vulnerability Details:
The InstantForum.NET web application has a cross-site scripting vulnerability that can be exploited by stored XSS attacks. A remote attacker can create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.
Several 0-day vulnerabilities in similar products have been found by other bug hunters before, and InstantForum has patched some of them. BugScan is the first community-based scanner and has gone through five rounds of code refactoring. It has redefined the concept of the scanner and provides sources for the latest info-sec news, tools and advisories. It also publishes suggestions, advisories, cyber intelligence, attack and defense information, and solution details related to important vulnerabilities.
(2.1) The first programming flaw occurs at the “&SessionID” parameter of the “Join.aspx?” page.
(2.2) The second programming flaw occurs at the “&SessionID” parameter of the “Logon.aspx?” page.
References:
http://securityrelated.blogspot.com/2015/02/cve-2014-9468-instantasp.html
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9468
http://packetstormsecurity.com/files/authors/11717
http://marc.info/?a=139222176300014&r=1&w=4
https://progressive-comp.com/?a=139222176300014&r=1&w=1%E2%80%8B
http://lists.openwall.net/full-disclosure/2015/02/18/7
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1608
https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01704.html
http://seclists.org/fulldisclosure/2015/Feb/70
http://www.inzeed.com/kaleidoscope/cves/cve-2014-9468/
http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/cve-2014-9468/
https://vulnerabilitypost.wordpress.com/2015/02/18/cve-2014-9468/
https://mathfas.wordpress.com/2015/05/13/cve-2014-9468/
http://www.tetraph.com/blog/cves/cve-2014-9468/
http://computerobsess.blogspot.com/2015/05/cve-2014-9468-instantasp.html
15 Wednesday Apr 2015
Posted in Computer Technology, IT Security
Tags: 0-day, application, attack, browser, coding, computer, cve, cyber-security, database, exploit, hacker, information, internet, IT, php, scripting, security, technology, test, vulnerability, web, website, white-hat
Comsenz SupeSite CMS 7.0 Stored XSS (Cross-site Scripting) Security Vulnerabilities
Exploit Title: Comsenz SupeSite CMS 7.0 Stored XSS Security Vulnerabilities
Product: Supesite CMS (Content Management System)
Vendor: ComSenz
Vulnerable Versions: 6.0.1UC 7.0
Tested Version: 7.0
Advisory Publication: April 15, 2015
Latest Update: April 15, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore: 6.4
Exploitability Subscore: 10.0
Discoverer and Reporter: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]
Proposition Details:
(1) Vendor & Product Description:
Vendor:
Comsenz
Product & Vulnerable Versions:
SupeSite 6.0.1UC
SupeSite 7.0
Vendor URL & Download:
SupeSite can be obtained from here,
http://www.comsenz.com/products/other/supesite
http://www.comsenz.com/downloads/install/supesite#down_open
Source code:
http://www.8tiny.com/source/supesite/nav.html?index.html
Product Introduction Overview:
“SupeSite is an independent content management system (CMS) that integrates the Web 2.0 community personal portal system X-Space and has strong aggregation of community portal systems. Within a SupeSite site, aggregation of forum (Discuz!) and personal space (X-Space) information content can be achieved. Any webmaster can easily build a Web 2.0 community portal through SupeSite.”
“Through graded audit operations, audit managers can rank, classify, shield or remove information published on the site, which gives effective control over the information displayed on the site’s pages. When information is audited and its audit level is set to shield, the information no longer appears on the site’s aggregation pages, but it is still displayed in the user’s own personal space. To shield the information completely, use the delete function. Audit information is divided into five levels, which can be used as aggregation conditions for pages, allowing free classification of information. By default, user-published information is in the pending audit state. Administrators can configure whether information in the pending state is allowed to be displayed on the site aggregation pages.”
(2) Vulnerability Details:
The SupeSite web application has a cross-site scripting vulnerability that can be exploited by stored XSS attacks. A remote attacker can create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.
Several 0-day vulnerabilities in other SupeSite products have been found by other bug hunters before, and SupeSite has patched some of them. Exploit Archive provides sources for the latest info-sec news, tools and advisories; it has published suggestions, advisories and solution details related to XSS vulnerabilities.
(2.1) The vulnerability occurs in the article’s title field. SupeSite filters script code such as JavaScript, but it does not filter VBScript, so a normal user can insert VBScript into an article he or she publishes. Everyone who visits that article is affected by the XSS attack.
References:
http://www.tetraph.com/security/xss-vulnerability/comsenz-supesite-cms-stored-xss/
http://securityrelated.blogspot.com/2015/04/comsenz-supesite-cms-stored-xss-cross.html
http://www.inzeed.com/kaleidoscope/computer-web-security/comsenz-supesite-cms-stored-xss/
http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/comsenz-supesite-cms-stored-xss/
https://computerpitch.wordpress.com/2015/04/15/comsenz-supesite-cms-stored-xss/
http://www.irist.ir/exploits-2836.html
http://exploitarchive.com/webshop-hun-1-062s-cross-site-scripting/
http://lists.openwall.net/full-disclosure/2015/03/02/3
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1727
15 Wednesday Apr 2015
Posted in IT Security, Web Technology
Tags: 0-day, application, attack, browser, coding, computer, cve, cyber-security, database, exploit, hacker, information, internet, IT, php, scripting, security, technology, test, vulnerability, web, website, white-hat
Webs ID Reflected XSS (Cross-site Scripting) Security Vulnerabilities
Exploit Title: Webs ID /login.jsp &error Parameter Reflected XSS (Cross-site Scripting) Security
Vendor: Webs, Inc
Product: Webs ID
Vulnerable Versions:
Tested Version:
Advisory Publication: April 02, 2015
Latest Update: April 02, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Writer and Reporter: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]
Proposition Details:
(1) Vendor & Product Description:
Vendor:
Webs, Inc
Product & Vulnerable Versions:
Webs ID
Vendor URL & download:
Webs ID can be obtained from here,
http://www.webs.com/blog/2010/04/20/new-easier-way-to-manage-websid-account-settings/
Terms of Service Overview:
” The services offered by Webs, Inc. (“Webs” or “us” or “we” or “our”) include the websites at http://www.webs.com and http://www.freewebs.com as well as any other related websites, toolbars, widgets, or other distribution channels we may, from time to time, operate (collectively, “Webs.com”) and any other features, content, services or applications offered, from time to time, by us (collectively, the “Services”). This agreement (the “Terms of Service” or “Agreement”) sets forth legally binding terms for your use of the Services. By using the Services, you agree to be bound by these Terms of Service, whether you are a “Website Creator” (which means that you have registered to utilize our tools to build a website (“Website”)), a “Member” (which means that you have registered on one of the Webs.com hosted Websites), a “Visitor” (which means that you are visiting Webs.com or any hosted Website), or an “Application Developer” (which means that you have been approved to build or deploy your application or anything else that receives data (an “Application”) on Webs.com). The term “User” refers to a Visitor or a Member or a Website Creator. By browsing or registering with, creating or using any Website, Application or Service on Webs.com you are agreeing to these Terms of Service, and these Terms of Service along with any other guidelines we may post from time to time, such as our Privacy Policy and Application Developer Terms (collectively, the “Guidelines”) will govern your use of the Services. If you do not agree to these Terms of Service or any of the Guidelines, you must cease use of the Services.”
“You represent that you are fully able and competent to enter into the terms, conditions, obligations, representations and warranties set forth in these Terms of Service. If you are using or creating a Website or Application on or through Webs.com as a representative of a company or legal entity, (i) you represent that you have the authority to enter into this Agreement on behalf of that company or entity, and (ii) you agree that the terms “you” and “your” in this Agreement refers to your company or legal entity. ”
(2) Vulnerability Details:
The Webs ID web application has a cross-site scripting (XSS) vulnerability. A remote attacker can create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.
Several 0-day vulnerabilities in other Webs ID products have been found by other bug hunters before, and Webs ID has patched some of them. Gmane (pronounced “mane”) is an e-mail to news gateway. It allows users to access electronic mailing lists as if they were Usenet newsgroups, and also through a variety of web interfaces. Gmane is an archive; it never expires messages (unless explicitly requested by users). Gmane also supports importing list postings made prior to a list’s inclusion on the service. It has published suggestions, advisories and solutions related to XSS vulnerabilities.
(2.1) The first programming flaw occurs at the “/login.jsp?” page with the “&error” parameter.
References:
http://www.tetraph.com/security/xss-vulnerability/webs-id-reflected-xss/
http://securityrelated.blogspot.com/2015/04/webs-id-reflected-xss-cross-site.html
http://www.inzeed.com/kaleidoscope/computer-web-security/webs-id-reflected-xss/
http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/webs-id-reflected-xss/
https://computerpitch.wordpress.com/2015/04/15/webs-id-reflected-xss/
http://www.irist.ir/author-Wang%20Jing.html
http://exploitarchive.com/webshop-hun-1-062s-cross-site-scripting/
http://lists.openwall.net/full-disclosure/2015/02/03/2
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1821
04 Saturday Apr 2015
Posted in IT Security
Tags: 0-day, application, attack, browser, code programming, coding, computer, cve, cyber-security, database, exploit, hacker, information, internet, IT, php, scripting, security, technology, test, vulnerability, web, website bug flaw, white-hat
Exploit Title: TennisConnect “TennisConnect COMPONENTS System” /index.cfm pid Parameter XSS
Product: TennisConnect COMPONENTS System
Vendor: TennisConnect
Vulnerable Versions: 9.927
Tested Version: 9.927
Advisory Publication: Nov 18, 2014
Latest Update: Nov 18, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-8490
CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Credit: Wang Jing [CCRG, Nanyang Technological University, Singapore]
http://blog.163.com/greensun_2006/blog/static/11122112201511194023591/
04 Saturday Apr 2015
Posted in IT Security
Tags: 0-day, application, attack, browser, code programming, coding, computer, cve, cyber-security, database, exploit, hacker, information, internet, IT, php, scripting, security, technology, test, vulnerability, web, website bug flaw, white-hat
Exploit Title: Smartwebsites SmartCMS v.2 Multiple XSS Security Vulnerabilities
Product: SmartCMS v.2
Vendor: Smartwebsites
Vulnerable Versions: v.2
Tested Version: v.2
Advisory Publication: Jan 22, 2015
Latest Update: Jan 22, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-9557
CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Credit: Wang Jing [MAS, Nanyang Technological University (NTU), Singapore]
04 Saturday Apr 2015
Posted in IT Security
Tags: 0-day, application, attack, browser, code programming, coding, computer, cve, cyber-security, database, exploit, hacker, information, internet, IT, php, scripting, security, technology, test, vulnerability, web, website bug flaw, white-hat
The Weather Channel fixes web app flaws
The Weather Channel has fixed a common web application security problem on its website that made nearly all links vulnerable to cross-site scripting attacks.
Wang Jing, a doctoral student at the School of Physical and Mathematical Sciences at Nanyang Technological University in Singapore, found more than 75 percent of the Web pages on Weather.com were vulnerable.
“Attackers just need to add script at the end of The Weather Channel’s URLs,” Wang wrote. “Then the scripts will be executed.”
15 Sunday Feb 2015
Posted in IT Security
Tags: 0-day, application, attack, browser, code programming, coding, computer, cve, cyber-security, database, exploit, hacker, information, internet, IT, php, scripting, security, technology, test, vulnerability, web, website bug flaw, white-hat
11 Wednesday Feb 2015
Posted in 0day, Computer Security, XSS
Tags: 0-day, 1475, 2.3.3, 2015, application, attack, computer bug, crime prevention, cross-site, cve, cyber-security, exploit, forum, hacker, IT vulnerability, my little, PHP Code, problem, scripting, testing, whitehat, XSS
CVE-2015-1475 – My Little Forum Multiple XSS Web Security Vulnerabilities
Exploit Title: My Little Forum Multiple XSS Web Security Vulnerabilities
Vendor: My Little Forum
Product: My Little Forum
Vulnerable Versions: 2.3.3 2.2 1.7
Tested Version: 2.3.3 2.2 1.7
Advisory Publication: February 04, 2015
Latest Update: February 11, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2015-1475
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification
Credit: Wang Jing [School of Mathematical Sciences (001), University of Science and Technology of China (USTC)] (@justqdjing)
Recommendation Details:
(1) Vendor & Product Description
Vendor:
My Little Forum
Product & Version:
My Little Forum
2.3.3
2.2
1.7
Vendor URL & Download:
Product Description:
“my little forum is a simple PHP and MySQL based internet forum that displays the messages in classical threaded view (tree structure). It is Open Source, licensed under the GNU General Public License. The main claim of this web forum is simplicity. Furthermore, it should be easy to install and run on a standard server configuration with PHP and MySQL.
Features
Usenet like threaded tree structure of the messages
Different views of the threads possible (classical, table, folded)
Categories and tags
BB codes and smilies
Image upload
Avatars
RSS Feeds
Template engine (Smarty)
Different methods of spam protection (can be combined: graphical/mathematical CAPTCHA, wordfilter, IP filter, Akismet, Bad-Behavior)
Localization: language files, time zone and UTF-8 support (see current version for already available languages)”
(2) Vulnerability Details:
The My Little Forum web application has a cross-site scripting (XSS) vulnerability. A remote attacker can create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.
Several vulnerabilities in similar products have been found by other bug hunters before, and My Little Forum has patched some of them. The MITRE Corporation is a not-for-profit company that operates multiple federally funded research and development centers (FFRDCs), which provide innovative, practical solutions for some of our nation’s most critical challenges in defense and intelligence, aviation, civil systems, homeland security, the judiciary, healthcare, and cybersecurity. It has published suggestions, advisories and solution details related to XSS vulnerabilities.
(2.1) The first programming flaw occurs at the “forum.php?” page with the “&page” and “&category” parameters.
(2.2) The second programming flaw occurs at the “board_entry.php?” page with the “&page” and “&order” parameters.
(2.3) The third programming flaw occurs at the “forum_entry.php” page with the “&order” and “&page” parameters.
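The advisories above share one root cause: a value that reaches the page (a stored article title in SupeSite, or a reflected query-string parameter such as “&error”, “&HTMLForm”, “&page” or “&order” in the other products) is written into HTML without being encoded for that context. The SupeSite entry also shows why a blocklist that recognises one scripting language is not a fix. The following PHP script is an added example written for this page; it is not code from SupeSite, SuperWebMailer, Webs ID or My Little Forum, and the filter pattern, function names and sample inputs are constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Added example (not vendor code). Contrasts a language-specific blocklist
// with contextual output encoding, the standard fix for CWE-79.

// Blocklist in the spirit of the SupeSite description: it strips <script>
// blocks that are JavaScript (no language/type attribute, or one naming
// JavaScript) and leaves every other form of markup untouched.
function blocklist_filter(string $input): string
{
    $pattern = '#<script(?:\s+(?:language|type)\s*=\s*["\']?(?:text/)?javascript["\']?)?\s*>.*?</script>#is';
    return (string) preg_replace($pattern, '', $input);
}

// Output encoding for an HTML text node or a double-quoted attribute value.
// Every character with markup meaning is encoded, whatever language the
// input claims to be in; the browser never sees a live element.
function html_encode(string $input): string
{
    return htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Renders a stored value (article title) and a reflected value (a query
// parameter echoed back, e.g. an error message) with encoding applied at
// the point of output, not at the point of storage.
function render(string $title, string $reflected): string
{
    return '<h1>' . html_encode($title) . "</h1>\n"
         . '<p class="error">' . html_encode($reflected) . "</p>\n";
}

// Detection used by this demo only: does the rendered HTML still contain a
// <script ...> element that a browser would execute?
function has_script_element(string $html): bool
{
    return preg_match('#<script\b#i', $html) === 1;
}

// Constructed sample inputs for the demonstration, not taken from the
// advisories. The third mirrors the SupeSite observation that a filter
// aimed at JavaScript lets a differently labelled script block through.
$samples = [
    'plain text'           => 'Quarterly newsletter',
    'JavaScript block'     => 'Hi <script>x()</script>',
    'other-language block' => 'Hi <script language="vbscript">x</script>',
];

foreach ($samples as $label => $value) {
    $afterFilter = '<h1>' . blocklist_filter($value) . "</h1>\n";
    $afterEncode = render($value, $value);
    printf("%-22s blocklist leaves script: %-3s  encoding leaves script: %s\n",
        $label,
        has_script_element($afterFilter) ? 'yes' : 'no',
        has_script_element($afterEncode) ? 'yes' : 'no');
}
```

Run it with `php example.php`. The blocklist removes the plain JavaScript block but passes the block that merely declares another language, which is exactly the gap the SupeSite advisory describes; the encoded output contains no live element in any case. Encoding is applied when the value is written into the page, so it covers both the stored title and the reflected parameter, and the choice of `htmlspecialchars` flags matters: `ENT_QUOTES` is what makes the same function safe inside a double- or single-quoted attribute, and the explicit `UTF-8` charset avoids encoding-dependent bypasses. Where a field must keep some formatting, the right tool is an allowlisting HTML sanitizer, not a longer blocklist.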
References:
http://tetraph.com/security/xss-vulnerability/my-little-forum-multiple-xss-security-vulnerabilities/
http://securityrelated.blogspot.com/2015/02/my-little-forum-multiple-xss-security.html
http://seclists.org/fulldisclosure/2015/Feb/15
https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01652.html
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1553
http://packetstormsecurity.com/files/authors/11270
http://marc.info/?a=139222176300014&r=1&w=4
http://lists.openwall.net/full-disclosure/2015/02/03/2
http://essaybeans.blogspot.com/2015/05/cve-2015-1475-my-little-forum-multiple.html
http://www.osvdb.org/creditees/12822-wang-jing
https://twitter.com/tetraphibious/status/597971919892185088
http://japanbroad.blogspot.jp/2015/05/cve-2015-1475-my-little-forum-multiple.html
https://www.facebook.com/tetraph/posts/1649600031926623
http://user.qzone.qq.com/2519094351/blog/1431403836
https://www.facebook.com/permalink.php?story_fbid=460795864075109&id=405943696226993
https://plus.google.com/+wangfeiblackcookie/posts/Sj63XDPhH1j
http://essayjeans.blog.163.com/blog/static/2371730742015412037547/#
http://whitehatpost.lofter.com/post/1cc773c8_6ed5839
http://whitehatview.tumblr.com/post/118754859716/cve-2015-1475-my-little-forum-multiple-xss-web