Monday, July 30, 2012

HTB23098: Redaxo cross-site scripting (XSS) vulnerability

Redaxo Content Management System (CMS) version 4.4 suffers from a cross-site scripting (XSS) vulnerability:
Input passed via the "subpage" GET parameter to "redaxo/index.php" (when "page" is set to "user" or "template") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in an administrator's browser session in the context of the affected website.

Vulnerability ID: HTB23098
Vulnerability Type: Cross-site scripting (XSS)
Risk level: Medium
Vendor Notification / Patch / Public Disclosure Dates: 4 July / 23 July / 25 July 2012
Solution: Fixed, apply vendor's patch

Full details of this advisory, with PoC code examples and the fix, are available in HTB23098 Security Advisory: Cross-Site Scripting (XSS) in Redaxo.

High-Tech Bridge: Speaker and Exhibitor at Gartner Symposium ITexpo 2012 in Barcelona (5-8 November)

High-Tech Bridge will participate in Gartner Symposium ITexpo 2012

High-Tech Bridge will participate in Gartner Symposium ITexpo 2012, held on 5-8 November 2012 in Barcelona, Spain, as a speaker and exhibitor.

Info from Gartner Symposium & ITxpo 2012:
Gartner Symposium/ITxpo is the world's most important gathering of CIOs and senior IT executives. Our 2012 agenda offers 350+ analyst sessions, workshops, roundtables and mastermind keynotes across four full days. With 10 role-based tracks and 6 industry tracks, the agenda targets your specific title responsibilities and ways to adapt new ideas and strategy to your industry, along with insight on what's next in IT.

Related Information:

More information is available on request from HTBridge's Marketing Department.

Tuesday, July 24, 2012

CVE-2012-1889: Security Update Analysis

Since 30 May 2012, attackers have been abusing the Microsoft XML Core Services vulnerability (CVE-2012-1889). On 10 July 2012 Microsoft finally published a security advisory that fixes this issue.

Brian Mariani and Frédéric Bourla from High-Tech Bridge (Geneva, Switzerland) have published a paper that explains the details of this fix. The test environment was Windows XP SP3 with Internet Explorer 6.0.

Direct link to the original PDF: CVE-2012-1889: Security Update Analysis.
A demonstration video is also available for this publication: CVE-2012-1889: Security Update Analysis.

Monday, July 23, 2012

High-Tech Bridge exhibits at invest'12 (10-11 October 2012)

High-Tech Bridge, in partnership with the E-MERGING platform of Geneva's private bank Lombard Odier, will participate in the fifth edition of the invest event as an exhibitor and speaker. Invest'12 will take place on:

10-11 October 2012
Bâtiment des Forces Motrices (BFM)
2 Place des Volontaires
Geneva, Switzerland

For participation in invest'12 or any additional information, please contact High-Tech Bridge directly.

More about the event:

Friday, July 13, 2012

CVE-2012-1889 Microsoft XML core services uninitialized memory vulnerability

Brian Mariani and Frédéric Bourla from High-Tech Bridge (Geneva, Switzerland) have published a very detailed explanation and analysis of CVE-2012-1889 with interesting examples. You can download the presentation here: "CVE-2012-1889 Microsoft XML core services uninitialized memory vulnerability".

According to cve.mitre.org, the CVE-2012-1889 description reads: Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

The history of the vulnerability is also shown on the publication page.

Direct link to the original PDF: https://www.htbridge.com/publication/CVE-2012-1889.pdf.

Wednesday, July 11, 2012

HTB23097: Kajona multiple cross-site scripting (XSS) vulnerabilities

Kajona version 3.4.1 suffers from multiple cross-site scripting (XSS) vulnerabilities:
Input passed via the following GET parameters to "index.php" is not properly sanitised before being returned to the user:
- "absender_name", "absender_email" and "absender_nachricht" (when "page" is set to "contact");
- "comment_name", "comment_subject" and "comment_message" (when "page" is set to "postacomment");
- "module";
- "action" (when "module" is set to "login" and "admin" is set to "1");
- "pv" and "pe" (when "module" is set to "user", "action" is set to "list" and "admin" is set to "1");
- "user_username", "user_email", "user_forename", "user_name", "user_street", "user_postal", "user_city", "user_tel" and "user_mobile" (when "module" is set to "user", "action" is set to "newUser" and "admin" is set to "1");
- "group_name" and "group_desc" (when "module" is set to "user", "action" is set to "groupNew" and "admin" is set to "1");
- "name", "browsername", "seostring", "keywords" and "folder_id" (when "module" is set to "pages", "action" is set to "newPage" and "admin" is set to "1");
- "element_name" and "element_cachetime" (when "module" is set to "pages", "action" is set to "newElement" and "admin" is set to "1");
- "aspect_name" (when "module" is set to "system", "action" is set to "newAspect" and "admin" is set to "1");
- "filemanager_name", "filemanager_path", "filemanager_upload_filter" and "filemanager_view_filter" (when "module" is set to "filemanager", "action" is set to "newRepo" and "admin" is set to "1");
- "archive_title" and "archive_path" (when "module" is set to "downloads", "action" is set to "newArchive" and "admin" is set to "1").
This can be exploited to execute arbitrary HTML and script code in an administrator's browser session in the context of the affected website.

Vulnerability ID: HTB23097
Vulnerability Type: Cross-Site Scripting (XSS)
Risk level: Medium
Vendor Notification / Patch / Public Disclosure Dates: 20 June / 26 June / 11 July 2012
Solution: Fixed, upgrade to Kajona v3.4.2

Full details of this advisory, with PoC code examples, are available in HTB23097 Security Advisory: Multiple Cross-Site Scripting (XSS) in Kajona.

HTB23096: Webmatic Blind SQL injection

Webmatic version 3.1.1, and probably prior versions, suffers from a blind SQL injection vulnerability:
Input passed via the "Referer:" HTTP header to the "index.php" script is not properly sanitised before being used in a SQL query. The injection is blind, so it has to be exploited with a time-based technique or another method suitable for blind SQL injection.

Vulnerability ID: HTB23096
Vendor Notification / Public Disclosure Dates: 13 June / 4 July 2012
Vulnerability Type: Blind SQL Injection
Risk level: High
Solution: Edit source code to sanitise user input.

Full details and a proof of concept (PoC) for this advisory are available in High-Tech Bridge Advisory HTB23096: Blind SQL Injection in Webmatic.
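As an added example (not code from High-Tech Bridge or from any of the affected projects), the following Python script turns the three advisories on this page (HTB23098, HTB23097 and HTB23096) into access-log review rules: it parses Apache combined-format lines, inspects the reflected GET parameters named for Redaxo and Kajona only under the "page" preconditions the advisories state, and flags SQL meta-characters in the Referer header of requests to index.php as described for Webmatic. The log lines, client addresses and the abbreviated Kajona parameter set are constructed assumptions for the example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed Apache combined-log lines (not from the advisories); lines 1, 3 and 4 are suspicious.
SAMPLE_LOG = """\
203.0.113.5 - - [30/Jul/2012:10:01:02 +0000] "GET /redaxo/index.php?page=user&subpage=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [30/Jul/2012:10:01:05 +0000] "GET /redaxo/index.php?page=user&subpage=list HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [11/Jul/2012:09:00:00 +0000] "GET /index.php?page=contact&absender_name=%22%3E%3Cimg+src%3Dx+onerror%3Dalert(1)%3E HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.9 - - [04/Jul/2012:08:30:00 +0000] "GET /index.php HTTP/1.1" 200 700 "http://example.com/' AND SLEEP(5)-- " "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"'
)
# (path, preconditions on other parameters, reflected parameters) from HTB23098 (Redaxo)
# and HTB23097 (Kajona); the Kajona parameter list is abbreviated here (assumption).
RULES = [
    ("/redaxo/index.php", {"page": {"user", "template"}}, {"subpage"}),
    ("/index.php", {"page": {"contact"}},
     {"absender_name", "absender_email", "absender_nachricht"}),
    ("/index.php", {"page": {"postacomment"}},
     {"comment_name", "comment_subject", "comment_message"}),
    ("/index.php", {}, {"module"}),
]
XSS_META = re.compile(r"[<>\"']|javascript:|\bon\w+\s*=", re.I)
SQLI_META = re.compile(r"'|--|/\*|\bsleep\s*\(|\bbenchmark\s*\(|\bunion\b", re.I)


def analyse(line):
    """Return (client ip, findings) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    params = parse_qs(url.query, keep_blank_values=True)  # values are percent-decoded
    findings = []
    for path, cond, names in RULES:
        # Only inspect a parameter in the state in which the advisory says it is reflected.
        if url.path != path or not all(params.get(k, [""])[0] in ok for k, ok in cond.items()):
            continue
        for name in sorted(names):
            if any(XSS_META.search(v) for v in params.get(name, [])):
                findings.append("xss:" + name)
    # HTB23096 (Webmatic): the Referer header is used in a SQL query by index.php.
    if url.path.endswith("/index.php") and SQLI_META.search(unquote(m["referer"])):
        findings.append("sqli:referer")
    return m["ip"], findings


def scan(log_text):
    return [r for r in map(analyse, log_text.splitlines()) if r and r[1]]
```

Run scan(SAMPLE_LOG) to get one (ip, findings) pair per suspicious line; the benign second line is dropped because "subpage=list" carries no markup.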