exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

remlab.txt

remlab.txt
Posted Dec 1, 2006
Authored by Jesper Jurcenoks | Site netvigilance.com

REMLAB is susceptible to an input validation vulnerability.

tags | advisory
advisories | CVE-2006-5896
SHA-256 | 913ea89f58c285f876b67754a08df09a0228c61281f43a752af4e1872c33cdf5
Download | Favorite | View

remlab.txt

Change Mirror Download
Description:
REMLAB is a fully fuctional cross-platform web-based Battlemech designer for the tactical board game Battletech. REMLAB is built entirely on HTML, PHP, and JavaScript with AJAX functionality. The vulnerability exists in calculate.php script which allows remote attackers to obtain sensitive information via an HTTP request to calculate.php that contains wrong value in Tonnage parameter. This causes the information to be leaked in an error message.

External References: 
Mitre CVE: CVE-2006-5896 
NVD NIST: CVE-2006-5896
OSVDB: 30264 

Summary: 
REMLAB is a fully fuctional cross-platform web-based Battlemech designer for the tactical board game Battletech. 
A security problem in the product allows attackers to gather the true path of the server-side script. 

Release Date:
November 27 2006

Severity:
Risk: Low
 
CVSS Metrics
Access Vector: Remote
Access Complexity: Low
Authentication: not-required
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
Impact Bias: Normal
CVSS Base Score: 2.3
 
Target Distribution on Internet: Low
 
Exploitability: Functional Exploit
Remediation Level: Workaround
Report Confidence: Uncorroborated
 
Vulnerability Impact: Attack
Host Impact: Path disclosure.


SecureScout Testcase ID:
TC 17937

Vulnerable Systems:
REMLAB Web Mech Designer 2.0.5

Vulnerability Type:
Input Validation error - The calculate.php script has a flaw which leads to a Warning. This is an input validation fault when the script is not testing the data passed.

Vendor Status: 
The Vendor has been contacted on November 14th 2006, by email and phone,. Vendor has not responded.
There is no official patch at this time.
Workaround:
Disable warning messages: modify in the php.ini file the following line: display_errors = Off .
Example: 
HTTP REQUEST http://[TARGET]/[REMLAB-directory]/include/calculate.php?Tonnage=%60 
REPLY
...
<b>Warning</b>:  Division by zero in <b D:\WWWRoot\<username>\calculate.php</b> on line <b>438</b><br />
,,0.00,,1,,2,,12,,12,,8,,8,,2,,2,,10,,0.0,,0.0
... 
URL of Original Advisory: http://www.netvigilance.com/advisory0007 

Credits: 
Jesper Jurcenoks
Co-founder netVigilance, Inc
www.netvigilance.com
Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close