egroupware100007.txt

2005-06-01T00:00:00
ID PACKETSTORM:37793
Type packetstorm
Reporter James Bercegay
Modified 2005-06-01T00:00:00

Description

                                        
  
##########################################################  
# GulfTech Security Research April 20th, 2005  
##########################################################  
# Vendor : eGroupware  
# URL : http://www.egroupware.org/  
# Version : Versions Prior To 1.0.0.007  
# Risk : Multiple Vulnerabilities  
##########################################################  
  
  
  
Description:  
eGroupware is a very popular open source web-based collaboration  
software that can be used within an intranet, or externally via   
the internet to build a community and/or help coordinate large   
projects. eGroupware also comes prepackaged in some Linux   
distributions. GulfTech Security Research has found a few high   
risk SQL Injection vulnerabilities as well as Cross Site Scripting   
vulnerabilities. A new version of eGroupware is now available and   
all eGroupware users should upgrade immediately. Not only does the   
new eGroupware release address these security issues, but it also   
includes a number of important bugfixes!  
  
  
  
Cross Site Scripting:  
Cross site scripting exists in eGroupware. This vulnerability   
exists due to user supplied input not being checked properly.  
Below are examples that can be used for reference.  
  
http://egroupware/index.php?menuaction=addressbook.uiaddressbook.edit&ab_id=11[XSS]  
http://egroupware/index.php?menuaction=manual.uimanual.view&page=ManualAddressbook[XSS]  
http://egroupware/index.php?menuaction=forum.uiforum.post&type=new[XSS]  
http://egroupware/wiki/index.php?page=RecentChanges[XSS]  
http://egroupware/wiki/index.php?action=history&page=WikkiTikkiTavi&lang=en[XSS]  
http://egroupware/index.php?menuaction=wiki.uiwiki.edit&page=setup[XSS]  
http://egroupware/sitemgr/sitemgr-site/?category_id=4[XSS]  
  
This vulnerability could be used to steal cookie based authentication   
credentials within the scope of the current domain, or render hostile   
code in a victim's browser.  
  
  
  
SQL Injection:  
There are a number of SQL Injection vulnerabilities in eGroupware.   
These issues can be used by an attacker to retrieve sensitive   
information from the underlying database and aid in further attacks.   
Examples are below.  
  
http://egroupware/tts/index.php?filter=u99[SQL]  
http://egroupware/tts/index.php?filter=c99[SQL]  
http://egroupware/index.php?menuaction=preferences.uicategories.index&cats_app=foobar[SQL]  
  
We will not be releasing any exploit code, as requested by the   
developers, but these issues are not hard to exploit and all users   
should upgrade immediately.  
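
For administrators reviewing logs of installations older than 1.0.0.007, the following Python example (added here; it is not part of the original advisory or of eGroupware) scans access-log lines for the scripts and parameters listed in the two sections above and flags values that do not match an expected shape. The value shapes, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters named in the advisory: (path suffix, menuaction or None, parameter, shape).
# The allowed value shapes are assumptions inferred from the advisory's sample URLs.
NUM, WORD = r"\d+", r"[A-Za-z0-9_.-]+"
WATCHED = [
    ("/index.php", "addressbook.uiaddressbook.edit", "ab_id", NUM),
    ("/index.php", "manual.uimanual.view", "page", WORD),
    ("/index.php", "forum.uiforum.post", "type", WORD),
    ("/index.php", "wiki.uiwiki.edit", "page", WORD),
    ("/index.php", "preferences.uicategories.index", "cats_app", WORD),
    ("/wiki/index.php", None, "page", WORD),
    ("/wiki/index.php", None, "lang", r"[a-z]{2}"),
    ("/sitemgr/sitemgr-site/", None, "category_id", NUM),
    ("/tts/index.php", None, "filter", r"[a-z]\d+"),
]
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return [(parameter, decoded value)] for watched parameters whose
    value does not fully match its expected shape."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    query = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    action = query.get("menuaction", [None])[0]
    hits = []
    for suffix, menuaction, param, shape in WATCHED:
        if not url.path.endswith(suffix):
            continue
        if menuaction is not None and action != menuaction:
            continue
        for value in query.get(param, []):
            if not re.fullmatch(shape, value):
                hits.append((param, value))
    return hits

# Constructed sample lines (combined log format); not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2005:10:00:00 +0000] "GET /egroupware/tts/index.php?filter=u99 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jun/2005:10:00:05 +0000] "GET /egroupware/tts/index.php?filter=u99%27 HTTP/1.1" 200 312',
    '192.0.2.11 - - [01/Jun/2005:10:00:09 +0000] "GET /egroupware/index.php?menuaction=addressbook.uiaddressbook.edit&ab_id=11%22%3E%3Cb%3E HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for param, value in suspicious_params(line):
            print(f"unexpected {param}={value!r} in: {line}")
```

A hit only means the value deviates from the assumed shape; tighten or loosen the patterns to match how the parameters are used on the installation being reviewed.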
  
  
  
Solution:  
eGroupware 1.0.0.007 has been released to address these issues, and   
users can find the updated packages at the following location.  
  
http://sourceforge.net/project/showfiles.php?group_id=78745  
  
Special thanks to Mr Ralf Becker and the rest of the eGroupware team  
for addressing these issues fairly quickly despite the recent constitution   
and admin elections etc.  
  
  
  
Related Info:  
The original advisory can be found at the following location  
http://www.gulftech.org/?node=research&article_id=00069-04202005  
  
  
  
Credits:  
James Bercegay of the GulfTech Security Research Team  
  
  
  