SECURITY ADVISORY CS-2008-2
Vulnerability: Improper validation of external parameters
Vendor: SocialEngine (http://www.socialengine.net)
Affected versions: <2.83
Risk: High
Improper validation of browser cookies leads to complete control over client host.
During client authentication, cookies are used as input parameters for authorization and validation of identity, both as a user and as an administrator. It is possible to construct specially crafted cookie parameters that cause SQL injection and give full administrative access rights. Additionally, full write access to the templates of the Smarty-based engine, together with an all-allow security level for template processing, allows injection of PHP code into templates, gaining complete and undetected control of the server, such as direct access to the file system and direct access to any databases.
user_checkCookies -> se_user
admin_checkCookies -> se_admin
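The cookie-handling flaw described above, as an added example that is neither SocialEngine's code nor the undisclosed PoC: a cookie check that concatenates values into SQL, next to a hardened form using input validation, bound parameters and a constant-time comparison. Table, column, cookie and function names are hypothetical; it assumes PHP 7.1+ with the pdo_sqlite extension.

```php
<?php
// Added example: table, column, cookie and function names are hypothetical,
// not SocialEngine's schema or code. Assumes PHP 7.1+ with pdo_sqlite.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admins (id INTEGER PRIMARY KEY, name TEXT, token_hash TEXT)');
$token = bin2hex(random_bytes(16)); // constructed sample session token
$pdo->prepare('INSERT INTO admins (id, name, token_hash) VALUES (1, ?, ?)')
    ->execute(['root', hash('sha256', $token)]);

// Weak pattern: the cookie value becomes part of the SQL text, so its
// content can alter the query structure instead of being compared as data.
function check_cookies_weak(PDO $pdo, array $c): ?array
{
    $sql = "SELECT id, name FROM admins WHERE id = '" . ($c['admin_id'] ?? '')
         . "' AND token_hash = '" . hash('sha256', $c['admin_token'] ?? '') . "'";
    return $pdo->query($sql)->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Hardened form: validate shape first, bind values as parameters, and
// compare the secret in constant time.
function check_cookies_hardened(PDO $pdo, array $c): ?array
{
    $id    = $c['admin_id'] ?? '';
    $token = $c['admin_token'] ?? '';
    if (!is_string($id) || !ctype_digit($id) || strlen($id) > 10) {
        return null;                       // id must be a short decimal string
    }
    if (!is_string($token) || !preg_match('/\A[0-9a-f]{32}\z/', $token)) {
        return null;                       // token must be 32 lowercase hex chars
    }
    $stmt = $pdo->prepare('SELECT id, name, token_hash FROM admins WHERE id = ?');
    $stmt->execute([(int) $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !hash_equals($row['token_hash'], hash('sha256', $token))) {
        return null;
    }
    return ['id' => (int) $row['id'], 'name' => $row['name']];
}

// Constructed inputs: one legitimate cookie set, one whose id carries a quote
// and SQL comment marker with no valid token.
$valid   = ['admin_id' => '1', 'admin_token' => $token];
$hostile = ['admin_id' => "1' --", 'admin_token' => 'x'];
foreach (['weak' => 'check_cookies_weak', 'hardened' => 'check_cookies_hardened'] as $label => $fn) {
    printf("%-8s valid=%s hostile=%s\n", $label,
        $fn($pdo, $valid) ? 'accepted' : 'rejected',
        $fn($pdo, $hostile) ? 'accepted' : 'rejected');
}
```

Both functions accept the legitimate cookies; only the concatenating one accepts the constructed cookie that has no valid token.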
IV. POC EXPLOIT
not disclosed, submitted to vendor
V. DISCLOSURE TIMELINE
10-Jul-2008 Initial vendor notification
11-Jul-2008 Vendor releases patch
22-Jul-2008 Public Disclosure
Creogenic Security
Tim Loshak
email@example.com