16 matches found
flatCore CMS 1.4.6: Remote Code Execution and Easteregg
RIPS Analysis The 74,000 lines of code of the flatCore CMS were analyzed in less than 3 minutes. RIPS discovered multiple vulnerabilities ranging from open redirection CVE-2017-11205 and cross-site scripting CVE-2017-11204 to SQL injection CVE-2017-11207, many of them being exploitable as...
e107 2.1.2: SQL Injection through Object Injection
RIPS Analysis The e107 CMS consists of 317,356 lines of code and was analyzed in about 2 minutes. Many of the vulnerabilities found by RIPS are exploitable, with a few exceptions. The main reason for this is that e107 contains a lot of unused code from previous releases and thus not all affect...
AbanteCart 1.2.8 - Multiple SQL Injections
RIPS Analysis The analysis with RIPS of the well over 200,000 lines of code took 4 minutes to complete. The most critical issues were primarily located in the language manager of the application and could thus be fixed as a bundle. The truncated analysis results are available in our RIPS demo...
Kliqqi 3.0.0.5: From Cross-Site Request Forgery to Code Execution
RIPS Analysis The RIPS analysis of the 77,000 lines of Kliqqi code took only 31 seconds to complete and discovered several risks within the application. No critical vulnerabilities were found directly, but one high-rated security issue can be escalated to a critical one - as ...
osClass 3.6.1: Remote Code Execution via Image File
RIPS Analysis RIPS scanned the 156,000 lines of code in just 23 seconds. The scan results show a high number of vulnerabilities in this project, with high-rated vulnerabilities making up the largest share. However, no critical-rated vulnerability was found on th...
Redaxo 5.2.0: Remote Code Execution via CSRF
RIPS Analysis When we inspect the charts generated by RIPS, a code execution vulnerability rated as critical catches our eye. Closer investigation quickly reveals that the vulnerability lies in the administrator panel, which seemingly nullifies its severity. We will se...
Guest Post: Vtiger 6.5.0 - SQL Injection
RIPS Analysis RIPS analyzed the 27,371 files with around 650,000 lines of code in only 6 minutes. Due to the nature of a CRM system, it is necessary to have a valid user account to access any of the provided features. Nevertheless, the discovered issues allowed low-privileged users to access high...
phpBB 2.0.23 - From Variable Tampering to SQL Injection
RIPS Analysis The phpBB2 forum software consists of only 50,000 lines of code, and the in-depth RIPS security analysis took only 19 seconds to complete. It found various PHP object injection vulnerabilities, which are less severe because no gadget chains are available. Further, many SQL injections are reported du...
Precurio 2.1: Remote Command Execution via Xinha Plugin
RIPS Analysis RIPS detected many security vulnerabilities, such as SQL injection and cross-site scripting issues. In order to exploit most of these vulnerabilities in Precurio's code base, a user account is required. Precurio also includes a lot of third-party code, though, that is directly...
PHPKit 1.6.6: Code Execution for Privileged Users
RIPS Analysis Within only 24 seconds, the analysis with RIPS completed and uncovered critical security vulnerabilities, mainly in the administration section of the application. As we demonstrated in multiple previous calendar posts, these vulnerabilities can be chained with other vulnerabilities...
Serendipity 2.0.3: From File Upload to Code Execution
RIPS Analysis The analysis of Serendipity with RIPS took 67 seconds to complete. The total number of issues is reasonable for a web application of this size. Most of the 36 low-severity issues detected are information leakage issues, for example, when an error message leaks the DBMS of a...
Roundcube 1.2.2: Command Execution via Email
The mirror on SourceForge counts more than 260,000 downloads for Roundcube in the last 12 months, which is only a small fraction of the actual users. Once Roundcube is installed on a server, it provides a web interface for authenticated users to send and receive emails with their web browser. RIP...
Expression Engine 3.4.2: Code Reuse Attack
RIPS Analysis The analysis with RIPS took about 4 minutes. Overall, the code of Expression Engine seems to be very robust. Still, our analysis results point out some vulnerabilities. RIPS detected mainly possibilities for a malicious user to embed HTML and JavaScript code via the administration...
Introducing the RIPS analysis engine
History 2007 - 2009 Almost 10 years ago, a simple PHP scanner was developed during the Capture The Flag (CTF) hacking competitions between university teams that were gaining popularity at the time. The scanner was based on regular expressions and identified simple connections between user input that is first assigned to a variable and th...
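To make the regex-based approach described above concrete, the following is an added illustration, not code from RIPS or from any of the applications listed on this page. It is a minimal line-by-line taint scanner for PHP: a source regex marks superglobals, an assignment regex propagates taint from variable to variable, and a sink regex reports a finding when a tainted expression reaches `mysql_query`, `echo`, `include` or `system`. The PHP sample is constructed for the example; the sink and sanitizer lists are assumptions chosen for illustration. The last two lines of the sample (a tainted value passed into a function that echoes it) show the kind of interprocedural flow such a scanner misses.

```python
import re

# Constructed PHP sample for illustration; not code from any application above.
SAMPLE_PHP = r"""<?php
$id = $_GET['id'];
$name = $_POST['name'];
$safe = (int)$_GET['page'];
$q = "SELECT * FROM users WHERE id = " . $id;
mysql_query($q);
echo "Hello " . htmlspecialchars($name);
echo $name;
mysql_query("SELECT * FROM pages WHERE p = $safe");
include($_GET['file']);
function show($v) { echo $v; }
show($_GET['v']);
"""

# Taint sources: PHP superglobals carrying user input.
SOURCES = re.compile(r'\$_(GET|POST|COOKIE|REQUEST|SERVER)\b')
# A simple assignment "$var = <expr>;" (the "(?!=)" keeps "==" from matching).
ASSIGN = re.compile(r'^\s*(\$\w+)\s*=(?!=)\s*(.+?);\s*$')
# Assumed sinks and the vulnerability class each one implies.
SINKS = {
    'mysql_query': 'SQL Injection',
    'echo': 'Cross-Site Scripting',
    'include': 'File Inclusion',
    'system': 'Command Execution',
}
SINK_RE = re.compile(r'\b(' + '|'.join(SINKS) + r')\b\s*\(?(.*)')
# Assumed calls/casts that neutralize taint in this toy model.
SANITIZERS = re.compile(r'\b(htmlspecialchars|intval|mysql_real_escape_string)\s*\(|\(int\)')


def _uses_tainted(expr, tainted):
    """True if expr references a superglobal or a variable already marked tainted."""
    if SOURCES.search(expr):
        return True
    return any(re.search(re.escape(var) + r'\b', expr) for var in tainted)


def scan(php):
    """Return (line, vulnerability class, sink) for each tainted sink reached by
    intraprocedural, line-by-line regex matching."""
    tainted = {}   # variable name -> line where it became tainted
    findings = []
    for lineno, line in enumerate(php.splitlines(), 1):
        m = ASSIGN.match(line)
        if m:
            var, rhs = m.groups()
            if SANITIZERS.search(rhs):
                tainted.pop(var, None)          # sanitized: taint is cleared
            elif _uses_tainted(rhs, tainted):
                tainted[var] = lineno           # taint propagates to the new variable
            else:
                tainted.pop(var, None)          # overwritten with a constant
        s = SINK_RE.search(line)
        if s:
            sink, args = s.groups()
            if not SANITIZERS.search(args) and _uses_tainted(args, tainted):
                findings.append((lineno, SINKS[sink], sink))
    return findings


if __name__ == '__main__':
    for lineno, kind, sink in scan(SAMPLE_PHP):
        print(f'line {lineno}: {kind} via {sink}()')
```

Running it reports the SQL injection on line 6, the XSS on line 8 and the file inclusion on line 10, while the `(int)` cast on line 4 correctly clears the taint before line 9. The `show()` function on lines 11 and 12 is not reported at all: taint only flows within one sequence of top-level statements, which is exactly the gap that a token- and AST-based analysis engine has to close.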
eFront 3.6.15: Steal your professors password
RIPS Analysis Our SAST tool RIPS analyzed the whole application in only 1m 32s and uncovered many severe security issues. Most of them are straightforward SQL injections that can be used to extract confidential user data, such as passwords, private messages, course results, and personal...
Coppermine 1.5.42: Second-Order Command Execution
RIPS Analysis The analysis with RIPS took only 53 seconds to complete and it uncovered a lot of security vulnerabilities - although most of them require authentication. Nonetheless, these issues are severe because they can be combined with other security vulnerabilities that allow an attacker to...