#90 Various Vulnerabilities in Version 0.4.5

closed
Security (24)
9
2005-11-12
2005-09-29
Anonymous
No

Hi!

One week ago (on September 29th), I reported several
vulnerabilities in version 0.4.5 of Simple PHP Blog via
the contact form under
http://www.simplephpblog.com/contact.php, but haven't
received an answer until now. I am planning to release
them in one week (on October 6th), or later if the
developers intend to provide patches in the near
future. In this case, please contact me under the
address given below.

With best regards,

Nenad Jovanovic
Secure Systems Lab
Technical University of Vienna

www.seclab.tuwien.ac.at
enji AT infosys - tuwien - ac - at

Discussion

  • Bill Bateman
    2005-10-01

    • priority: 5 --> 9
    • assigned_to: nobody --> apalmo
     
  • Bill Bateman
    2005-10-01

    Logged In: YES
    user_id=1338564

    Nenad,
    Please also send them to the contact me link on
    billbateman.org as I am also a developer on the project....

    You can also use our SourceForge email addresses, mine is
    bbateman@users.sourceforge.net.

    Since we are ALL doing this as a hobby project mainly, I
    would also wish you to give us until the middle of the month
    to solve these issues.

    Thank you in advance.
    Bill Bateman

     
  • Logged In: NO

    Hi!

    I've sent the messages to bbateman at users.sourceforge.net.
    Waiting until the middle of October is no problem for me as
    long as we stay in contact (I don't have to post any
    advisories before November 1st). Please use this mail's
    address for that, since I don't visit the SourceForge
    project page frequently.

    With best regards,

    Nenad

     
  • Dave Fullard
    2005-11-02

    Logged In: YES
    user_id=919800

    Two sites hosted on my server were defaced because of these
    vulns. Any idea when they're going to be fixed?

     
  • Bill Bateman
    2005-11-03

    Logged In: YES
    user_id=1338564

    Actually, the vulnerabilities that caused many sites to be
    hacked/destroyed were fixed in 0.4.5. The vulnerabilities
    provided by Mr. Jovanovic relate to cross-site vulns and
    only happen if the user has credentials to get into the site.

    We are currently testing a version that has fixes to Mr.
    Jovanovic's discovery (SPHPBlog is one of many PHP products
    to have this problem) and we expect it to be released soon.

    Bill

     
  • Bill Bateman
    2005-11-12

    • status: open --> closed
     
  • Bill Bateman
    2005-11-12

    Logged In: YES
    user_id=1338564

    Nenad has posted his findings to the security sites.
    However, it has a low risk rating and we have fixed the
    issue (which exists for most PHP enabled applications) in
    the 0.4.6 release.