cloisterblog.txt

`  
  
  
Executive Overview  
------------------  
Cloisterblog, a general usage web blog written in perl suffers  
from multiple XSS and directory transversal issues as well as a design flaw in the admin section.  
  
  
  
Program Description  
--------------------  
Cloisterblog  
(http://www.circleofthunder.com/journal/cloisterblog-1.2.2.tar.gz)  
"CloisterBlog is simple but feature packed Web-based journal system that does not  
require MySQL or manual modification of files"  
  
  
  
Issue(s)  
-------  
Cloisterblog doesn't do any parameter checking on inputs, this leads to  
the multiple XSS and directory transversal issues. In addition, the admin  
section of the blog never actually checks the user id of the user, only  
the password. In addition, no sort of logging is performed on this  
parameter, so it is readable suspectable to brute forcing.  
  
  
Example(s)/code  
---------  
/cloisterblog/journal.pl?syear=2004&sday=11&smonth=../../../../../../../../etc/passwd%00  
  
from journal_admin.pl  
  
sub validateUser {  
  
$password = $passfile[0];  
chomp($password);  
chomp($pass);  
  
if ($pass eq $password) {  
return 1;  
} else {  
return 0;  
}  
}  
  
($user which is declared in journal_admin.pl is never used)  
  
  
Remedy/Fixe(s)  
--------------  
None, delete the blog and either write your own or choose another  
  
  
  
Vendor status  
-------------  
Non Responsive, despite waiting nearly twice as long as we normally do for  
at least a "screw you" reply, the authors have not replied, nor released  
an updated version. we waitied this long because it appears the author  
runs the software him/her self.  
  
  
  
--0-0-0  
Badcode.org  
`