the original cloud security

CS-2008-2.txt

CS-2008-2.txt
Posted Jul 23, 2008
Authored by Tim Loshak

SocialEngine versions below 2.83 suffer from an input validation vulnerability that allows for client take over.

tags | advisory
MD5 | cd06e8756e37818b845ccfa76907f968

CS-2008-2.txt

Change Mirror Download
SECURITY ADVISORY CS-2008-2

Vulnerability: Improper validation of external parameters
Vendor: SocialEngine (http://www.socialengine.net)
Affected versions: <2.83
Risk: High



I. DESCRIPTION

Improper validation of browser cookies leads to complete control over
client host.



II. BACKGROUND

During client authentication, cookies are used as an input parameters
for authorization and validation of identity both as user and as an
administrator. It is possible to construct specially crafted cookie
parameters which will cause sql injection and give full administrative
access rights. Additionally, having full write access templates for
smarty based engine, together with all-allow security level for the
templates processing, allows injection of php code into templates,
gaining complete and undetected control of the server, such as direct
access to file system, direct access to any databases.



III. ANALYSIS

1. user level entry path via
include/class_user.php

user_checkCookies -> se_user

2. admin level entry path via
include/class_admin.php

admin_checkCookies -> se_admin



IV. POC EXPLOIT

not disclosed, submitted to vendor




V. DISCLOSURE TIMELINE

10-Jul-2008 Initial vendor notification
11-Jul-2008 Vendor releases patch
22-Jul-2008 Public Disclosure



VI. CREDITS

Creogenic Security
Tim Loshak
tim.loshak@gmail.com

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close