

Posted Jul 21, 2008
Authored by Julien Thomas

The MyReview web application versions 1.9.9 and below and 2.0 Beta suffer from a mishandling of submissions allowing for unintended downloads of said data.

tags | exploit, web, info disclosure
advisories | CVE-2008-3671
SHA-256 | ffac269563255108a5c20a3679275754ac2fb6dfa1ba5fd7676e275428565cc4


Incorrect management of the submission and camera-ready versions of
papers submitted to the MyReview system lets unintended users download
these documents. This information leakage can be used to illegally
retrieve sensitive or licensed documents.

I. Description
The MyReview web application is an open-source web application used in
the research community to manage the paper submission and paper review
phases of conferences. Based on the well-known PHP+MySQL framework and
distributed under the GNU General Public License, it has been used by
thousands of conferences worldwide.
Incorrect management of the submission and camera-ready versions of
papers submitted to the MyReview system lets unintended users download
these documents. This flaw bypasses all the access controls implemented
by the MyReview developers. This information leakage is critical, as
the documents submitted to conferences, and especially those at the
submission phase, contain sensitive information that researchers may not
want publicized.
Besides, this flaw can be used by attackers to retrieve at will the
final version of the documents after the conference is over.
These final versions may not be free, as is often the case
for conferences.
More information about this flaw will be publicized later on, as it
could be used to attack existing deployments of the MyReview system.

II. Impact
Exploitation of this vulnerability could lead to the loss of the
sensitive information managed by MyReview: the submission and camera-ready
versions of submitted papers may be downloaded by unauthorized users.

III. Solution
The Laboratoire de Recherche en Informatique (LRI), which provides
MyReview, has been contacted and has received a patch I wrote for this
vulnerability. However, to avoid attacks on unpatched websites (which are
very easy to carry out), the author has left it to the LRI to decide
how best to roll out the update. Please see
your vendor's advisory for updates and mitigations. It would also be a
good idea to subscribe to the MyReview newsletter, if you have not done so yet.

Versions and Platforms Affected
Affected Platforms - Any
Affected Software - MyReview, http://myreview.intellagence.eu/
Affected Versions - Any (prior or equal to 1.9.9, as 2.0 is still in beta)
Severity - High

Authentication - None
Access - Remote (Internet)

<to be upgraded later on>

This vulnerability was reported by Julien A. Thomas.
Contact: julien.thomas@telecom-bretagne.eu
TELECOM Bretagne homepage: http://perso.telecom-bretagne.eu/julienthomas/
Personal homepage: http://www.julienthomas.eu/

Other Information
Date Discovered - 16/07/2008
Date Public - 18/07/2008
Date First Published - 18/07/2008
Date Last Updated - 18/07/2008
CVE Name (candidate) - CVE-2008-3671

PS: sorry if this message was sent twice, but I got some mailer-daemon
rejects ...

© 2022 Packet Storm. All rights reserved.