Secunia Security Advisory - Marc Ruef has reported two weaknesses in e107, which potentially can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct phishing attacks.
TITLE:
e107 "rate.php" Redirection and Multiple Rating Weakness
SECUNIA ADVISORY ID:
SA17890
VERIFY ADVISORY:
http://secunia.com/advisories/17890/
CRITICAL:
Not critical
IMPACT:
Security Bypass
WHERE:
From remote
SOFTWARE:
e107 0.x
http://secunia.com/product/1927/
DESCRIPTION:
Marc Ruef has reported two weaknesses in e107, which potentially can be
exploited by malicious users to bypass certain security restrictions
and by malicious people to conduct phishing attacks.
1) A design error exists in the way e107 uses an unverified,
user-supplied argument to redirect a user after the user has submitted
a file download rating. This can be exploited e.g. by tricking a user
into following a specially crafted HTML link to the "rate.php" script
on a trusted e107 site; the link carries an attacker-chosen URL in the
redirect argument, so after clicking it the user is redirected to the
untrusted (fake) site.
Example:
http://[host]/rate.php?download^2^[url]^1
Successful exploitation requires that the user is already logged on to
e107.
2) A design error exists in the way e107 tries to prevent a user from
submitting multiple ratings for a file download. This can be exploited
by malicious users to bypass the restriction and submit multiple
votes.
The weaknesses have been confirmed in version 0.6174. Other versions
may also be affected.
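The following is an added example, not e107 code and not part of the advisory, covering both weaknesses above: it parses an e107-style "^"-separated rate.php query, accepts only a site-relative return path as the redirect target (rejecting absolute URLs, "//host" and backslash forms, "javascript:" and control characters), and records one rating per item keyed on the user id from the server-side session rather than on anything the client supplies. The field order (type, item id, return URL, score), the 1..10 score scale and the /download.php fallback page are assumptions made for the example.

```python
from urllib.parse import urlsplit, unquote

# Assumptions for this added example (not e107 code): the fallback landing
# page is /download.php and the '^'-separated rate.php query carries
# (type, item id, return URL, score) in that order.
DEFAULT_LANDING = "/download.php"


def parse_rate_query(query_string: str) -> dict:
    """Split an e107-style 'download^2^<url>^1' query into its fields.

    The return URL is the attacker-controlled value behind weakness #1.
    """
    fields = query_string.split("^")
    if len(fields) != 4:
        raise ValueError("expected 4 '^'-separated fields")
    kind, item, back, score = fields
    return {"type": kind, "item": int(item), "back": unquote(back), "score": int(score)}


def safe_redirect_target(candidate: str, default: str = DEFAULT_LANDING) -> str:
    """Return a redirect target that cannot leave this site.

    Only a site-relative path with a single leading '/' is accepted.
    Absolute URLs, scheme-relative '//host' forms, backslashes (which
    browsers treat as slashes in the authority), 'javascript:' and any
    control character (CR/LF would also permit response-header injection)
    all fall back to `default`.
    """
    target = candidate.strip()
    if not target or any(ord(c) < 0x20 or c == "\x7f" for c in target):
        return default
    normalised = target.replace("\\", "/")
    parts = urlsplit(normalised)
    if parts.scheme or parts.netloc:
        return default
    if not normalised.startswith("/") or normalised.startswith("//"):
        return default
    return normalised


class RatingStore:
    """In-memory stand-in for the ratings table, keyed on (item, user id)."""

    def __init__(self):
        self._votes = {}

    def submit(self, item: int, user_id: int, score: int) -> bool:
        """Record one vote per authenticated user per item; False on a repeat."""
        if not 1 <= score <= 10:  # assumed rating scale for the example
            raise ValueError("score out of range")
        key = (item, user_id)
        if key in self._votes:
            return False
        self._votes[key] = score
        return True

    def average(self, item: int) -> float:
        scores = [s for (i, _), s in self._votes.items() if i == item]
        return sum(scores) / len(scores) if scores else 0.0


def handle_rate_request(query_string: str, session_user_id: int, store: RatingStore):
    """Server-side handling of one rate.php request.

    The duplicate check keys on the user id taken from the server-side
    session (never on a client-supplied value), and the return URL is
    validated before any Location header is built.
    Returns (vote_recorded, redirect_location).
    """
    req = parse_rate_query(query_string)
    recorded = store.submit(req["item"], session_user_id, req["score"])
    return recorded, safe_redirect_target(req["back"])


if __name__ == "__main__":
    store = RatingStore()
    # Constructed request following the advisory's pattern with a hostile return URL.
    print(handle_rate_request("download^2^http://attacker.example/login^7", 42, store))
    # Same user, same item again: the vote is refused, the redirect stays on-site.
    print(handle_rate_request("download^2^http://attacker.example/login^7", 42, store))
```

The allow-list is deliberately narrow: accepting only a same-site relative path avoids having to reason about host matching, userinfo tricks or scheme case, and a rejected value degrades to a harmless landing page rather than an error.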
SOLUTION:
Weakness #2 has reportedly been fixed in the CVS repositories for
version 0.7.
PROVIDED AND/OR DISCOVERED BY:
Marc Ruef
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------