exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mayhemic Labs Security Advisory 2006.2

Mayhemic Labs Security Advisory 2006.2
Posted Oct 17, 2006
Authored by Mayhemic Labs Security, Mayhemic Labs | Site mayhemiclabs.com

yhemic Labs MHL-2006-002 Public Advisory: Call-Center-Software Versions 0.93 and below are vulnerable to multiple SQL injection attacks and XSS under certain conditions, along with privilege escalation.

tags | advisory, sql injection
SHA-256 | 8993a093fd677df618e11ffde893eba74f3bc84c22c5fb7dff21dcb5f0e44261

Mayhemic Labs Security Advisory 2006.2

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MHL-2006-002 - Public Advisory

+-----------------------------------------------------------+
| Call-Center-Software Multiple Security Issues |
+-----------------------------------------------------------+


PUBLISHED ON
October 11th, 2006


PUBLISHED AT
http://www.mayhemiclabs.com/advisories/MHL-2006-002.txt
http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006002


PUBLISHED BY
Mayhemic Labs
http://www.mayhemiclabs.com

security AT mayhemiclabs DOT com
GPG key: 0x56143F84


APPLICATION
call-center software
http://www.call-center-software.org/

"call-center-software is a free open-source application
released under the GPL"


AFFECTED VERSIONS
Versions 0.93 and below


ISSUES
Call-Center-Software is vulnerable to multiple SQL
injection attacks and XSS under certain conditons,
along with privilege escalation.

1) XSS
Call-Center-Software does not escape data when handling
it allowing malicious javascript data to be inserted by
any user.This is only when Magic Quotes is disabled
within PHP.

Example:
A user entering <script>alert("Moo!");</script> into
the problem description field when submitting the
problem, will cause the javascript to be executed
upon viewing or editting the problem.

2) SQL Injection
Call-Center-Software does not escape data when handling
it allowing malicious users to inject SQL commands into
the database. This is only when Magic Quotes is
disabled within PHP.

Example: By logging into the system with the user
"'or 1=1 or 1='" the attacker is let into the system with
full administrative privileges.

3) Privilege Escalation and Password Disclosure
Call-Center-Software does not check access privileges
when bringing up the "edit user" screen. This, also
combined with the lack of hashed password, discloses
any user on the system's password, username, and other
information stored within the database.

Example: When logged in as a non administrative user
a user can go to edit_user.php?user_id=1 and view the
default admin account's password. Changing the
user_id variable discloses the corresponding account's
data.


WORKAROUNDS
Enabling Magic Quotes will negate the XSS and SQL
injection attacks on affected systems.


SOLUTIONS
None at this time


REFERENCES
call-center software - http://www.call-center-software.org/


TIMELINE
September 25th, 2006
Vendor/Developer Notified
Vendor/Developer Response Recieved
Vendor/Developer Questioned on Patch Availability
No response
October 3rd, 2006
Vendor Followup
Vendor/Developer Response Recieved
Vendor/Developer Questioned on Patch Availability
No response

ADDITIONAL CREDIT
N/A

LICENSE
Creative Commons Attribution-ShareAlike License
http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFLazmzjnMaVYUP4QRAjMLAJwPkXBBfIjxcROLm+w4NgxPi+1XZQCgpW/F
jz7P+B+SzCkde2WZOtAXFxE=
=Gth+
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close