========================================================================
phpAdsNew / phpPgAds security advisory             PHPADSNEW-SA-2005-002
------------------------------------------------------------------------
Advisory ID:           PHPADSNEW-SA-2005-002
Date:                  2005-Nov-15
Security risk:         highly critical
Applications affected: phpAdsNew, phpPgAds
Versions affected:     <= 2.0.6
Versions not affected: >= 2.0.7
========================================================================


========================================================================
Vulnerability 1: SQL injection
------------------------------------------------------------------------
Impact: database access (+ potential system access)
Where:  from remote
========================================================================

Description
-----------
Toni Koivunen reported an SQL injection vulnerability in phpAdsNew and
phpPgAds, caused by missing sanitization of the session id cookie.
Kevin Fernandez "Siegfried" of Zone-H reported further dangerous
exploitation techniques to gain access to the whole database. Depending
on the database user permissions, an attacker could also gain access to
the local filesystem.

Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.7.

References
----------
http://www.fitsec.com/advisories/FS-05-01.txt
http://www.zone-h.org/en/advisories/read/id=8413/


========================================================================
Vulnerability 2: HTTP response splitting
------------------------------------------------------------------------
Impact: application admin access
Where:  from remote
========================================================================

Description
-----------
Toni Koivunen reported multiple HTTP response splitting vulnerabilities
in phpAdsNew and phpPgAds. Many of them can only be exploited by an
attacker who already has access to the administration interface. A
vulnerability in adclick.php could be exploited without access to the
application interface.

Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.7.

References
----------
http://www.fitsec.com/


========================================================================
Vulnerability 3: full path disclosure
------------------------------------------------------------------------
Impact: information disclosure
Where:  from remote
========================================================================

Description
-----------
Toni Koivunen reported multiple full path disclosure vulnerabilities in
phpAdsNew and phpPgAds. One of them could also reveal information about
files modified or added by the system administrator, using phpAdsNew's
own file integrity check system, given that the webserver user has
enough permissions.

Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.7.

References
----------
http://www.fitsec.com/advisories/FS-05-01.txt


Contact information
===================

The security contact for phpAdsNew and phpPgAds can be reached at:


Best regards
--
Matteo Beccati
http://phpadsnew.com/
http://phppgads.com/