Joomla Bookman Denial Of Service

Joomla Bookman Denial Of Service: Posted Aug 31, 2011; Authored by MustLive; The Joomla Bookman component suffers from insufficient anti-automation and denial of service vulnerabilities.; tags | exploit, denial of service, vulnerability; SHA-256 | 108fe803d39d714399fcc67cd04a188c8b98f5348e9051e9bdba3e8e62291b72; Download | Favorite | View

Joomla Bookman Denial Of Service

Hello list!

I want to warn you about Insufficient Anti-automation and Denial of Service
vulnerabilities in com_bookman for Joomla. Also this component is included
in Reservation Manager for Joomla.

This is another one of few advisories which I've made in April 2010. In this
advisory I'm continue to inform readers of mailing lists about vulnerable
web applications which are using CaptchaSecurityImages.php.

-------------------------
Affected products:
-------------------------

Vulnerable are all versions of com_bookman and all versions of Reservation
Manager for Joomla.

I've already wrote last year the recommendations about fixing these issues
in another my advisory concerning vulnerable web application with
CaptchaSecurityImages.php. As I wrote earlier
(http://www.securityfocus.com/archive/1/511023), developers of
CaptchaSecurityImages.php fixed this hole at 27.03.2007. So one of the way
to fix these issues is to use fixed version of the script or to make
appropriate changes in com_bookman's version of the script.

----------
Details:
----------

These are Insufficient Anti-automation and Denial of Service
vulnerabilities.

The vulnerabilities exist in captcha script CaptchaSecurityImages.php, which
is using in this system. I already wrote at my site about vulnerabilities in
CaptchaSecurityImages (http://websecurity.com.ua/4043/).

Insufficient Anti-automation (WASC-21):

http://site/components/com_bookman/functions/CaptchaSecurityImages.php?width=150&height=100&characters=2

Captcha bypass is possible via half-automated or automated (with using of
OCR) methods, which were mentioned before (http://websecurity.com.ua/4043/).

DoS (WASC-10):

http://site/components/com_bookman/functions/CaptchaSecurityImages.php?width=1000&height=9000

With setting of large values of width and height it's possible to create
large load at the server.

------------
Timeline:
------------

2010.04.10 - disclosed at my site.
2010.04.11 - informed developers of com_bookman and Reservation Manager for
Joomla.

I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/4117/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Joomla Bookman Denial Of Service

Joomla Bookman Denial Of Service

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Joomla Bookman Denial Of Service

Share This

Joomla Bookman Denial Of Service

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems