From:Mayhemic Labs Security <security_(at)_mayhemiclabs.com>
Date:October 12, 2006
Subject:[Full-disclosure] MHL-2006-002 Public Advisory: "Call-Center-Software" Multiple Security Issues


MHL-2006-002 - Public Advisory

+-----------------------------------------------------------+
|    Call-Center-Software Multiple Security Issues          |
+-----------------------------------------------------------+


PUBLISHED ON
 October 11th, 2006


PUBLISHED AT
 http://www.mayhemiclabs.com/advisories/MHL-2006-002.txt
 http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006002


PUBLISHED BY
 Mayhemic Labs
 http://www.mayhemiclabs.com

 security AT mayhemiclabs DOT com
 GPG key: 0x56143F84


APPLICATION
 call-center software
 http://www.call-center-software.org/

 "call-center-software is a free open-source application
 released under the GPL"


AFFECTED VERSIONS
 Versions 0.93 and below


ISSUES
 Call-Center-Software is vulnerable to multiple SQL
 injection attacks and XSS under certain conditions,
 along with privilege escalation.

       1) XSS
       Call-Center-Software does not escape data when handling
       it, allowing malicious JavaScript to be inserted by
       any user. This applies only when Magic Quotes is
       disabled within PHP.
       
       Example:
       A user entering <script>alert("Moo!");</script> into
       the problem description field when submitting the
       problem will cause the JavaScript to be executed
       upon viewing or editing the problem.
       
       2) SQL Injection
       Call-Center-Software does not escape data when handling
       it, allowing malicious users to inject SQL commands into
       the database. This applies only when Magic Quotes is
       disabled within PHP.
       
       Example: By logging into the system with the user
       "'or 1=1 or 1='" the attacker is let into the system with
       full administrative privileges.
       
       3) Privilege Escalation and Password Disclosure
       Call-Center-Software does not check access privileges
       when bringing up the "edit user" screen. Combined with
       the lack of password hashing, this discloses the
       password, username, and other information stored
       within the database for any user on the system.
       
       Example: When logged in as a non-administrative user,
       a user can go to edit_user.php?user_id=1 and view the
       default admin account's password. Changing the
       user_id variable discloses the corresponding account's
       data.
       

WORKAROUNDS
       Enabling Magic Quotes will negate the XSS and SQL
       injection attacks on affected systems.
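
       The three issues above, handled in code without relying on Magic Quotes (a setting removed in PHP 5.4), as an added example that is not part of the advisory and is not Call-Center-Software's own code. The users table, its column names and the functions login(), load_user_for_edit() and h() are assumptions, and an in-memory SQLite database stands in for the application's database.

```php
<?php
// Added example: constructed schema and accounts, not Call-Center-Software's code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           pw_hash TEXT, is_admin INTEGER)');
$add = $db->prepare('INSERT INTO users (username, pw_hash, is_admin) VALUES (?, ?, ?)');
// Issue 3: store a password hash, never the password itself.
$add->execute(['admin', password_hash('constructed-admin-pw', PASSWORD_DEFAULT), 1]);
$add->execute(['agent', password_hash('constructed-agent-pw', PASSWORD_DEFAULT), 0]);

// Issue 2: bound parameters keep the username as data in the query.
function login(PDO $db, string $username, string $password): ?array
{
    $q = $db->prepare('SELECT user_id, username, pw_hash, is_admin FROM users WHERE username = ?');
    $q->execute([$username]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pw_hash'])) {
        return null;
    }
    unset($row['pw_hash']); // the hash never leaves the login routine
    return $row;
}

// Issue 3: the "edit user" handler compares the session user with the requested user_id.
function load_user_for_edit(PDO $db, array $sessionUser, int $userId): ?array
{
    if (!$sessionUser['is_admin'] && (int)$sessionUser['user_id'] !== $userId) {
        return null; // caller answers with HTTP 403
    }
    $q = $db->prepare('SELECT user_id, username, is_admin FROM users WHERE user_id = ?');
    $q->execute([$userId]);
    return $q->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Issue 1: encode at output time for the HTML context the value lands in.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// The advisory's login string is looked up as a literal username.
var_dump(login($db, "'or 1=1 or 1='", 'anything'));
$agent = login($db, 'agent', 'constructed-agent-pw');
// A non-administrative user asks for user_id=1, then for their own record.
var_dump(load_user_for_edit($db, $agent, 1));
var_dump(load_user_for_edit($db, $agent, (int)$agent['user_id']));
// The advisory's problem-description input, encoded for display.
echo h('<script>alert("Moo!");</script>'), "\n";
```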


SOLUTIONS
       None at this time


REFERENCES
       call-center software - http://www.call-center-software.org/


TIMELINE
       September 25th, 2006
               Vendor/Developer Notified
               Vendor/Developer Response Received
               Vendor/Developer Questioned on Patch Availability
               No response
       October 3rd, 2006
               Vendor Followup
               Vendor/Developer Response Received
               Vendor/Developer Questioned on Patch Availability
               No response
                               
ADDITIONAL CREDIT
 N/A

LICENSE
 Creative Commons Attribution-ShareAlike License
 http://creativecommons.org/licenses/by-sa/2.5
