
ground418 security advisory



Date: 27-11-2006

Subject: Multiple Vulnerabilities in AlternC version 0.9.5 (and below).

Author: Vincent Audet Ménard <thabob@gmail.com>

Original File:

http://www.ground418.org/exploits/read.php?file=06-alternC-095.txt



Related Files:

http://dev.alternc.org/trac/alternc/changeset/1737

http://dev.alternc.org/trac/alternc/changeset/1738

http://dev.alternc.org/trac/alternc/changeset/1739



Vendor: http://www.alternc.org/



Vulnerabilities:

- Possible XSS

- Remote code execution

- Unauthorized file and folder creation

- Full file system reading access



Risk: high





-[ About alternC ]



AlternC is an open source hosting services software suite. AlternC includes an automatic installation and configuration system, and a web-based control panel to manage users' accounts and web services (e.g. domains, emails, ftp accounts, statistics...).



-[ Remote code execution ]



It is possible to execute JavaScript by creating a directory with the file manager of AlternC.

Simply create a folder called "<script>alert(document.cookie);</script>" to have a demonstration.

This could also lead to a path disclosure if PHP is set to show warnings.



Once a user has used phpMyAdmin in AlternC, the SQL password can be seen (in plain text) in the cookie. Combined with an XSS, this could lead to theft of the SQL password.



-[ Unauthorized folder and file creation ]



You can create folders and files pretty much anywhere AlternC has the right to do so, simply by entering a filename like "../../test" in the "create name" input.



-[ Full FileSystem reading access ]



When configuring a subdomain, you can indicate that the files will be locally managed in a specific folder. You can configure your subdomain to have the web root in "../../../../../" so that you have complete read access (within the apache/AlternC user's restrictions) to the file system.



-[ Solution ]



Except for the SQL password visible in plain text, all these flaws are caused by poor input sanitization. Double dots and slashes should not be permitted anywhere. The form inputs in ('admin/bro_main.php', 'admin/dom_subedit.php', 'admin/dom_add.php') were causing the most critical flaws.
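
The checks recommended above, sketched in PHP as an added example (not AlternC's code): names are validated before use, a configured web root must resolve inside the user's directory, and names are HTML-escaped on output. The helpers is_safe_name, resolve_under and h, and the temporary demo directory, are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not taken from AlternC.

/** Accept one file or folder name: no separators, no double dots, no control bytes. */
function is_safe_name(string $name): bool
{
    if ($name === '' || $name === '.' || strpos($name, '..') !== false) {
        return false;
    }
    // Reject '/', '\' and control characters (including NUL).
    return preg_match('/[\/\\\\\x00-\x1f]/', $name) === 0;
}

/** Resolve $relative under $base; return the real path, or null if it escapes $base. */
function resolve_under(string $base, string $relative): ?string
{
    $baseReal = realpath($base);
    $target   = realpath($base . DIRECTORY_SEPARATOR . $relative);
    if ($baseReal === false || $target === false) {
        return null; // base or target does not exist
    }
    $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target !== $baseReal && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null; // resolved path lies outside the base directory
    }
    return $target;
}

/** Escape a stored name before it is written into an HTML page. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed demo: a temporary directory stands in for one user's home.
$home = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'demo_home_' . getmypid();
@mkdir($home . DIRECTORY_SEPARATOR . 'www', 0700, true);

// '<i>note' has no slash or dots, so it passes the name check: output escaping is still needed.
$names = ['photos', '../../test', '<script>alert(document.cookie);</script>', '<i>note'];
foreach ($names as $name) {
    printf("%-60s %s\n", h($name), is_safe_name($name) ? 'accepted' : 'rejected');
}
foreach (['www', '../../../../../'] as $root) {
    printf("%-60s %s\n", $root, resolve_under($home, $root) ?? 'rejected (outside home)');
}
```

resolve_under relies on realpath(), so the target must already exist; symbolic links are resolved before the containment check.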



AlternC developers were alerted a few days ago and have released a new version. We highly recommend that you stop using 0.9.5 and consider upgrading to the newest version.



Version 0.9.6 is available at https://dev.alternc.org/trac/alternc/milestone/0.9.6



Vincent A. Menard
