Monthly archive: March 2015

CVE-2015-2209 – DLGuard Full Path Disclosure (Information Leakage) Web Security Vulnerabilities




Exploit Title: DLGuard “/index.php?” “&c” parameter Full Path Disclosure Web Security Vulnerabilities

Product: DLGuard

Vendor: DLGuard

Vulnerable Versions: v4.5

Tested Version: v4.5

Advisory Publication: January 18, 2015

Latest Update: March 20, 2015

Vulnerability Type: Information Exposure [CWE-200]

CVE Reference: CVE-2015-2209

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Impact Subscore: 2.9

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type: Allows unauthorized disclosure of information

Credit: Wang Jing [School of Mathematical Sciences (001), University of Science and Technology of China (USTC)] (@justqdjing)

 
 
 
 

Consultation Details:

 

(1) Vendor & Product Description:

 

Vendor:

DLGuard

 

Product & Version:

DLGuard

v4.5

 

Vendor URL & Download:

DLGuard can be obtained from here,

http://www.dlguard.com/dlginfo/index.php

 

Product Introduction Overview:

“DLGuard is a powerful, yet easy to use script that you simply upload to your website and then rest assured that your internet business is not only safe, but also much easier to manage, automating the tasks you just don’t have the time for."

 

“DLGuard supports the three types, or methods, of sale on the internet:

Single item sales (including bonus products!)

Multiple item sales

Membership websites"

 

“DLGuard is fully integrated with: PayPal, ClickBank, 2Checkout, Authorize.Net, WorldPay, AlertPay, Ebay, PayDotCom, E-Gold, 1ShoppingCart, Click2Sell, Mal’s E-Commerce, LinkPoint, PagSeguro, CCBill, CommerseGate, DigiResults, FastSpring, JVZoo, MultiSafePay, Paypal Digital Goods, Plimus, RevenueWire/SafeCart, SWReg, WSO Pro, and even tracks your free product downloads. The DLGuard built-in Shopping Cart offers Paypal, Authorize.net, and 2Checkout payment options. The Membership areas allow Paypal, Clickbank, 2Checkout, and LinkPoint recurring billing as well as linking to any PayPal, ClickBank, 2Checkout, Authorize.Net, WorldPay, AlertPay, Ebay, PayDotCom, E-Gold, 1ShoppingCart, E-Bullion, LinkPoint, PagSeguro, CCBill, CommerseGate, DigiResults, FastSpring, JVZoo, MultiSafePay, Paypal Digital Goods, Plimus, RevenueWire/SafeCart, SWReg, WSO Pro single sale and free products so that people who buy your products can access your members area. DLGuard is the perfect solution to secure your single sale item, such as a niche marketing website, software sales, ebook sales, and more! DLGuard not only protects your download page, but it makes setting up new products, or making changes to existing products so much quicker and easier than before."

 

(2) Vulnerability Details:

The DLGuard web application contains an information leakage flaw: Full Path Disclosure (FPD). It may allow a remote attacker to learn the software’s installation path. Although such information is relatively low risk on its own, it is often useful in carrying out additional, more focused attacks.

Several similar vulnerabilities in the product have previously been found by other researchers, and DLGuard has patched some of them. NVD is the U.S. government repository of standards-based vulnerability management data; this data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA). It has published suggestions, advisories and solutions related to important vulnerabilities.


(2.1) The first flaw occurs at the “&c” parameter in the “index.php?” page.

 

 


 

 

724CMS 5.01 Directory (Path) Traversal Security Vulnerabilities

Computer Technology Hut


Exploit Title: 724CMS /section.php Module Parameter Directory Traversal Security Vulnerabilities

Vendor: 724CMS

Product: 724CMS

Vulnerable Versions: 3.01 4.01 4.59 5.01

Tested Version: 5.01

Advisory Publication: March 14, 2015

Latest Update: March 14, 2015

Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) [CWE-22]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

Discover and Author: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

Recommendation Details:

(1) Vendor & Product Description:

Vendor:

724CMS Enterprise

Product & Vulnerable Versions:

724CMS

3.01

4.01

4.59

5.01

Vendor URL & download:

724CMS can be obtained from here,

http://724cms.com/

Product Introduction Overview:

“724CMS is a content management system (CMS) that has customers spread in Canada, Japan, Korean, the United States, European and many others. It allows publishing, editing and modifying content, organizing…


724CMS 5.01 Multiple SQL Injection Security Vulnerabilities

Computer Technology Hut


Exploit Title: 724CMS Multiple SQL Injection Security Vulnerabilities

Vendor: 724CMS

Product: 724CMS

Vulnerable Versions: 3.01 4.01 4.59 5.01

Tested Version: 5.01

Advisory Publication: March 14, 2015

Latest Update: March 14, 2015

Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) [CWE-89]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

Recommendation Details:

(1) Vendor & Product Description:

Vendor:

724CMS Enterprise

Product & Vulnerable Versions:

724CMS

3.01

4.01

4.59

5.01

Vendor URL & download:

724CMS can be obtained from here,

http://724cms.com/

Product Introduction Overview:

“724CMS is a content management system (CMS) that has customers spread in Canada, Japan, Korean, the United States, European and many others. It allows publishing, editing and modifying content, organizing, deleting as…


Innovative WebPAC Pro 2.0 Unvalidated Redirects and Forwards (URL Redirection) Security Vulnerabilities

IT Information Technology Swift News


Exploit Title: Innovative WebPAC Pro 2.0 /showres url parameter URL Redirection Security Vulnerabilities

Vendor: Innovative Interfaces Inc

Product: WebPAC Pro

Vulnerable Versions: 2.0

Tested Version: 2.0

Advisory Publication: March 14, 2015

Latest Update: March 14, 2015

Vulnerability Type: URL Redirection to Untrusted Site (‘Open Redirect’) [CWE-601]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N)

Impact Subscore: 4.9

Exploitability Subscore: 8.6

Discover and Author: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

Suggestion Details:

(1) Vendor & Product Description:

Vendor:

Innovative Interfaces Inc

Product & Version:

WebPAC Pro

2.0

Vendor URL & Download:

WebPAC Pro can be got from here,

http://www.iii.com/products/webpac_pro.shtml

http://lj.libraryjournal.com/2005/12/ljarchives/innovative-releasing-webpac-pro/

Libraries that have installed WebPac Pro:

https://wiki.library.oregonstate.edu/confluence/display/WebOPAC/Libraries+that+have+installed+WebPac+Pro

Product Introduction Overview:

“Today, some libraries want to enhance their online presence in ways that go beyond the traditional OPAC and the…



Comsenz SupeSite 7.0 CMS SQL Injection Security Vulnerabilities

IT Information Technology Swift News


Exploit Title: Comsenz SupeSite CMS SQL Injection Security Vulnerabilities

Product: SupeSite CMS (Content Management System)

Vendor: Comsenz

Vulnerable Versions: 6.0.1UC 7.0

Tested Version: 7.0

Advisory Publication: March 14, 2015

Latest Update: March 14, 2015

Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) [CWE-89]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

Discover and Author: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

Suggestion Details:


(1) Vendor & Product Description:



Vendor:

Comsenz

Product & Version:

SupeSite6.0.1UC

SupeSite7.0

Vendor URL & Download:

SupeSite can be bought from here,

http://www.comsenz.com/products/other/supesite

http://www.comsenz.com/downloads/install/supesite#down_open

Source code:

http://www.8tiny.com/source/supesite/nav.html?index.html

Product Introduction:

“SupeSite is an independent content management (CMS) function, and integrates Web2.0 community personal portal system X-Space, has a strong aggregation of community portal systems. SupeSite station can be…


724CMS 5.01 Information Leakage Security Vulnerabilities

IT Information Technology Swift News


724CMS 5.01 Multiple Information Leakage Security Vulnerabilities

Exploit Title: 724CMS Multiple Information Leakage Security Vulnerabilities

Vendor: 724CMS

Product: 724CMS

Vulnerable Versions: 3.01 4.01 4.59 5.01

Tested Version: 5.01

Advisory Publication: March 14, 2015

Latest Update: March 14, 2015

Vulnerability Type: Information Exposure [CWE-200]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Impact Subscore: 2.9

Exploitability Subscore: 10.0

Discover and Author: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

Suggestion Details:

(1) Vendor & Product Description:

Vendor:

724CMS Enterprise

Product & Vulnerable Versions:

724CMS

3.01

4.01

4.59

5.01

Vendor URL & download:

724CMS can be got from here,

http://724cms.com/

Product Introduction Overview:

“724CMS is a content management system (CMS) that has customers spread in Canada, Japan, Korean, the United States, European and many others. It allows publishing, editing and modifying content, organizing, deleting as well as maintenance from a central interface. Meanwhile, 724CMS…


A Collection of Spring Festival Couplets for 2015, the Year of the Goat – Horse (Wu) and Goat (Wei)

INZEED Business Information & Counsel

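First line: The horse gallops ten thousand li. Second line: The goat cherishes a thousand hills.

First line: Goats fat and horses strong. Second line: The nation rich and the people prosperous.

First line: Wild geese vanish at the clouds' edge. Second line: Goats return along the ridge.

First line: The year begins anew. Second line: All things are renewed.

First line: Resources flourish. Second line: Long life and a bountiful year.

First line: The four seas take on colour. Second line: The five lakes show good fortune.

First line: Rivers and mountains never age. Second line: The Divine Land is forever in spring.

First line: A hundred flowers bloom together. Second line: Ten thousand trees vie in splendour.

First line: Look up and see joy. Second line: Each step stirs the wind.

First line: The five metals bring good business. Second line: All things return to spring.

First line: The nation strong, the people rich. Second line: Government runs smoothly, the people live in harmony.

First line: People cheer and horses neigh. Second line: Spring is mild and the scenery bright.

First line: The whole country stable. Second line: All the people united.

First line: Spring swallows trim the willows. Second line: Magpies perch on the plum tree.

First line: The Party thrives, the army flourishes. Second line: Law is strict, governance is clear.

First line: Deep loyalty between ruler and people. Second line: Affection deep as fish and water.

First line: The nation prospers. Second line: The people are safe and well.

First line: The sea is wide, fish leap. Second line: The sky is high, birds fly.

First line: The swan attains its ambition. Second line: Peach and plum vie for spring.

First line: The six domestic animals thrive. Second line: The five grains yield a bumper harvest.

First line: The Big Dipper shines, a phoenix rises from the spring terrace. Second line: The southern sea is vast, the roc rides the whirlwind.

First line: Green grass and white goats, a picture of spring. Second line: Golden spears and armoured horses, a march of ten thousand li.

First line: Fortunate deer and auspicious goat, the new year opens in peace. Second line: Days of Yao and Shun, all things renewed.

First line: Only at festival time does one know the red sun's warmth. Second line: Passing the sunny spring, one feels the Party's kindness all the more.

First line: In setting goals, gallop with a tiger's courage. Second line: In seeking knowledge, fear not the winding path upward.

First line: Green grass like a carpet, the goat brimming with good omens. Second line: Red peach blossoms like fire, the monkey bathed in spring breeze.

First line: Timely rain and spring breeze, the five goats present ears of grain. Second line: Days of Yao and Shun, a hundred phoenixes face the sun.

First line: Seeing off the Year of the Horse, spring flowers melt the white snow. Second line: Welcoming the Year of the Goat, magpies frolic among red plum blossoms.

First line: All things renewed, green hills and clear waters. Second line: The five goats bring good omens, bright sun and spring splendour.

First line: Full of vitality, sunny spring reflects the sun. Second line: The sky glows with colour, noble spirit soars to the clouds.

First line: Promote integrity, oppose corruption, sleeves filled only with clean breeze. Second line: Know shame, understand honour, a heart full of righteousness.

First line: Spring fills the world, a hundred flowers bloom. Second line: Fortune visits the small courtyard, peace through all four seasons.

First line: Welcoming spring at the festival, spring brings smiling faces. Second line: The harvest brings good news, joy lights up the brow.

First line: Bid farewell to the old year, cast off old habits. Second line: Welcome the new spring, draw up a new blueprint.

First line: Advance the situation of stability and unity. Second line: Complete the task of economic adjustment.

First line: A splendid future, a thousand sails race across. Second line: On the Long March road, ten thousand horses gallop.

First line: Ambition soars to the clouds, a red heart turned to the Party. Second line: Spring breeze brings warmth, good omens fill the doorway.

First line: The army loves the people, working as one for the Four Modernizations. Second line: The people support the army, defending the nation side by side.

First line: Five-foot weapon in hand, standing in full readiness. Second line: With the Four Modernizations at heart, united wills form a fortress.

First line: Face the world and learn with an open mind. Second line: Keep feet on the ground and advance step by step.

First line: All things renewed, spirits refreshed. Second line: A hundred flowers bloom, spring fills the world.

First line: Attentive service satisfies the public. Second line: A kind manner pleases the customers.

First line: A riot of colour, a hundred flowers vie in beauty. Second line: The five lakes and four seas share one spring.

First line: In the springtime of science, a hundred flowers bloom. Second line: The beauty of the world, the grand plan of the Four Modernizations.

First line: Strengthen the socialist legal system. Second line: Uphold the people's democratic dictatorship.

First line: Stability and unity bring joy across the four seas. Second line: Satisfying policies, the five tigers meet spring.

First line: Select the worthy and appoint the able, promoting on talent alone. Second line: Govern with dedication, revival is in sight.

First line: Cooking smoke curls upward; every household is busy with the New Year's dinner. Second line: Cool breezes blow; everywhere people enjoy the new spring.

First line: Spring returns to the earth; the situation is excellent everywhere. Second line: Fragrance drifts across the Divine Land; the scenery is endlessly new.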

Classical Poems for the New Year – Happy New Year and Wishing You Prosperity

比翼鳥資訊 - 在天願作比翼鳥 在地願為連理枝

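New Year's Day at a Farmhouse
(Tang) Meng Haoran
Last night the Dipper's handle turned back north; this morning the year rises in the east.
I am already in my prime years; with no official salary, I still worry over the farming.
In the mulberry fields I join the ploughing elders; hoe on shoulder, I follow the herd boys.
The farm families divine the weather; all say this year will be bountiful.

Song of Selling Foolishness
(Tang) Fan Chengda
Late on New Year's Eve, no one sleeps; they pray away dullness as the new year presses near.
Children run shouting down the long street, saying they have foolishness for sale to anyone who will buy.

New Year's Eve
(Tang) Lai Hu
Matters of joy and sorrow have all come to nothing; longing across ten thousand li fills a single night.
Grieving until the dawn cock's crow has ceased, once more I meet the spring breeze, haggard.

New Year's Day
(Song) Wang Anshi
Amid the crackle of firecrackers a year departs; the spring breeze carries warmth into the Tusu wine.
On a thousand doors and ten thousand households the rising sun shines bright; all replace the old peach-wood charms with new.

New Year's Day, to the tune Yu Lou Chun
(Song) Mao Pang
The lotus water clock has dripped away the year; Tusu wine is sunk to chill in the jade-green well.
The dawn chill still bites; spring's slender grace comes first to the willows.
The fair one urges again a toast to long life; cypress leaf and pepper blossom scent her green sleeves.
Deep in the land of drunkenness there are few who know me; only with the Lord of Spring am I an old friend.

New Year's Eve
(Southern Song) Wen Tianxiang
Heaven and earth lie empty and desolate; the years march openly away.
At road's end, startled by wind and rain; at the far frontier, sated with snow and frost.
My life nears its end with the year; self and world are both forgotten.
No more dreams of Tusu wine; I trim the lamp, and the night is not yet over.

New Year's Calls
(Ming) Wen Zhengming
They do not seek a meeting, only to leave a card; by morning name cards fill my humble hut.
I too follow others and drop off a few; the way of the world dislikes neglect, not empty form.

New Year of the Jiyou Year
(Ming) Ye Yong
Wind and frost are gone from heaven and earth; the air of the world is mild.
The calendar gains a new year; spring fills the old mountains and rivers.
Plum and willow are young in their fragrant looks; pine and bamboo show much of age.
Tusu wine makes for a drunken feast; laughter in the hut among white clouds.

Written by Chance on New Year's Eve of the Guisi Year
(Qing) Huang Jingren
Laughter and talk from a thousand homes as the water clock drips slowly; I sense trouble quietly from beyond the scene.
I stand silent on the market bridge, unrecognized, gazing long at a single star bright as the moon.

New Year Verses of the Phoenix City
(Qing) Zha Shenxing
Deftly cutting festival banners, trying on new silk; painting colours and tracing gold to make moth-shaped ornaments.
From now the scissors rest for a month; in the women's chambers the needlework was all done before the new year.

New Year's Day of the Jiawu Year
(Qing) Kong Shangren
Sparse white hair no longer covers my head; keeping vigil around the stove, I go without sleep.
Trimming the candle, I drain the late-night wine; emptying my purse, I hand out New Year money to all.
Hearing firecrackers, my childlike heart remains; watching the peach charms changed, my old delight runs high.
Drums and horns add a round of "Plum Blossom"; at the fifth watch, with laughter, we make New Year greetings.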

Yahoo Yahoo.co.jp Open Redirect Security Vulnerability

比翼鳥資訊 - 在天願作比翼鳥 在地願為連理枝

Domain:

Vulnerability overview:
Yahoo.co.jp is vulnerable to 2 open redirect attacks.
The vulnerability occurs on the “/ YJ-アフィリエイト入国?” page with the “VIEW_URL” parameter.
The following uses one web page for testing. The web page address is “http://www.inzeed.com/kaleidoscope”. Suppose that this web page is malicious.
Vulnerable URL:
POC:
POC video:

Reported by:
Wang Jing, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore
Blog details: