Home page logo
/

bugtraq logo Bugtraq mailing list archives

Dir2web3 Mutiple Vulnerabilities
From: Daniel Correa <admin () sinfocol org>
Date: Sun, 05 Aug 2012 03:02:24 -0500

Title:
======
Dir2web3 Multiple Vulnerabilities

Date:
=====
05/08/2012

Author:
=======
Daniel Correa (http://www.sinfocol.org/)

Vulnerable software:
====================
Dir2web v3.0 (http://www.dir2web.it/)

CVE:
====
CVE-2012-4069
CVE-2012-4070

Details:
========
There are two vulnerabilities identified on Dir2web v3.0:

Information disclosure (CVE-2012-4069):
Database folder is public and it is not protected via .htaccess. An attacker
can download the entire database and look for hidden pages on the website.

SQL Injection (CVE-2012-4070):
Preg_match function is not enough to protect GET/POST parameters. An
attacker
can easily make a SQL Injection over the application.

Exploit:
========
Information disclosure:
http://site/_dir2web/system/db/website.db

SQL Injection:
http://site/index.php?wpid=homepage&oid=6a303a0aaa&apos; OR id > 0-- -

Patch:
======
Information disclosure:
Create .htaccess file on _dir2web folder with the following content:
order deny, follow
deny from all

SQL Injection:
Fix the regular expression in dispatcher.php file located on
_dir2web/system/src folder.

Replace:
'/[a-zA-Z0-9]{10}/'
With:
'/^[a-zA-Z0-9]{10}$/'

Timeline:
=========
13/07/2012: Vendor contacted
25/07/2012: CERT contacted
27/07/2012: CVE assigned
05/08/2012: Vulnerability published on Bugtraq

-- 
Regards,
Daniel Correa

Attachment: signature.asc
Description: OpenPGP digital signature


  By Date           By Thread  

Current thread:
  • Dir2web3 Mutiple Vulnerabilities Daniel Correa (Aug 06)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]