Reportico Admin Credential Leak

2014-06-28T00:00:00
ID PACKETSTORM:127280
Type packetstorm
Reporter ms
Modified 2014-06-28T00:00:00

Description

                                        
                                            `  
-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA1  
  
SECV-05-1402 - Reportico software admin credentials leak  
  
Product description:  
  
Reportico is a comprehensive Open Source web reporting tool written  
purely in PHP. Reportico provides a web-based front end screen for  
designing and viewing reports stored in XML format. Reportico supports  
flexible criteria selection and reports may be presented in HTML, PDF,  
CSV, XML and JSON formats. Groups, graphs, expressions and drilldowns  
are also easily incorporated and reports may be embedded into existing  
web pages with a few lines of PHP.  
  
CVE-ID: CVE-2014-3777  
  
Affected versions: All versions prior to 4.0 including plugins  
Vendor url:http://www.reportico.org  
Vulnerability status: Fixed  
Advisory url: http://www.secveritas.com/secv-05-1402.html  
  
Vulnerability details:  
  
By loading the admin template an attacker could access all information  
for a report including database credentials and admin password for the  
report.  
This could be obtained due lack of proper check of the URL parameter  
xmlin. By changing the parameter in the HTTP request to  
xmlin=../admin/configureproject.xml an attacker would obtain project  
administration.  
  
Timeline:  
  
13th May 14 - First contact with reportico.org developer  
15th May 14 - Vulnerability reported with evidences and full problem  
description and fix proposal  
18th May 14 - Correction of the problem following proposal from SECVeritas  
20th May 14 - New version made available for re-testing  
21st May 14 - New version tested some sugestions made for improvement  
1st Jun 14 - Final version created by developer, waiting for release  
28th Jun 14 - Public disclosure of the vulnerability.  
  
Credits:  
ms - secveritas.com  
2014  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1  
  
iQEcBAEBAgAGBQJTrC/CAAoJEN3eoZ/uAn514A0H/08oAI7WQCZ8x+vVpq3oYPr+  
5+rvSKAhW+GGNnEo7Xe8El4p7J4IxVpncGpCfO8X9NBVMP3rdnweaCrSoylmBoej  
dzhxXAZYPZkekKBSBAqVoTK7RMHj1ptDjG2vt/Z5wQM+ywK9hB03fxQWJ5LwTCZK  
SbBZa6Sa53SIJqhAK5MWa0+zCTaScs39jj2GVhwYkQd7YhsztcGf0bCj1MFByUVA  
/9YKqamBuhymk2JjXl4KPIZX01zFe3/GEcYU6kupuKirgi/kh1CsmDMlfi9+cdrn  
QWv3VW/V3XbpyPuzOt+TCbBo48CnxqcYRB2QhiFI9eyxLJbdFqW2piIhvnNKAJo=  
=+6d1  
-----END PGP SIGNATURE-----  
  
  
  
`