logo
DATABASE RESOURCES PRICING ABOUT US

Dir2web3 Mutiple Vulnerabilities

Description

Title: ====== Dir2web3 Multiple Vulnerabilities Date: ===== 05/08/2012 Author: ======= Daniel Correa (http://www.sinfocol.org/) Vulnerable software: ==================== Dir2web v3.0 (http://www.dir2web.it/) CVE: ==== CVE-2012-4069 CVE-2012-4070 Details: ======== There are two vulnerabilities identified on Dir2web v3.0: Information disclosure (CVE-2012-4069): Database folder is public and it is not protected via .htaccess. An attacker can download the entire database and look for hidden pages on the website. SQL Injection (CVE-2012-4070): Preg_match function is not enough to protect GET/POST parameters. An attacker can easily make a SQL Injection over the application. Exploit: ======== Information disclosure: http://site/_dir2web/system/db/website.db SQL Injection: http://site/index.php?wpid=homepage&oid=6a303a0aaa' OR id > 0-- - Patch: ====== Information disclosure: Create .htaccess file on _dir2web folder with the following content: order deny, follow deny from all SQL Injection: Fix the regular expression in dispatcher.php file located on _dir2web/system/src folder. Replace: '/[a-zA-Z0-9]{10}/' With: '/^[a-zA-Z0-9]{10}$/' Timeline: ========= 13/07/2012: Vendor contacted 25/07/2012: CERT contacted 27/07/2012: CVE assigned 05/08/2012: Vulnerability published on Bugtraq -- Regards, Daniel Correa


Related