Saturday, December 29, 2012

High-Tech Bridge to Partner with Open Security Foundation

High-Tech Bridge is pleased to announce its partnership with the Open Security Foundation (OSF) and Open Security Vulnerability Database (OSVDB) in particular.

Ilia Kolochenko, CEO of High-Tech Bridge, says, "At High-Tech Bridge, we are pleased to welcome the founders of OSF, Jake Kouns and Brian Martin to our Advisory Board. Their unique experience and competence in vulnerability research and management will be extremely useful in advising our company. Strong technical collaboration between High-Tech Bridge Research Lab, which has obtained both CVE and CWE Compatible statuses this year, and OSVDB shall be fruitful for both the information security and vulnerability research communities. In the near future we are also planning to collaborate in the domain of vulnerability research leveraging our new SaaS ImmuniWeb®, to be launched on the 15th of January 2013 in a Beta mode."

Brian Martin, President and COO of Open Security Foundation, adds, "High-Tech Bridge has shown serious dedication to providing pro bono vulnerability research for hundreds of software vendors, as well as constantly enhancing their vulnerability research and disclosure process. This drive for maintaining high standards is exactly what the OSF looks for in the industry."

About High-Tech Bridge

High-Tech Bridge SA provides companies and international organizations with cutting-edge information security services, such as penetration testing and computer crime investigations. High-Tech Bridge was recognized as one of the market leaders and best service providers in the ethical hacking industry according to Frost & Sullivan's market research conducted in 2012.

About Open Security Foundation

Open Security Foundation (OSF) is a 501(c)(3) non-profit public organization founded and operated by information security enthusiasts. Open Security Foundation provides independent, accurate, detailed, current, and unbiased security information. Open Security Foundation runs the Open Source Vulnerability Database (OSVDB), the DataLossDB, and other projects. OSVDB currently covers over 87,000 vulnerabilities, spanning over 59,000 products.

Contact
Mr. Sebastien Flaccavento
Tel.: +41-22-560-68-43
E-Mail: press (at) htbridge.com

Monday, December 24, 2012

HTB23133: Elite Bulletin Board multiple SQL injection vulnerabilities

High-Tech Bridge Security Research Lab discovered multiple SQL injection vulnerabilities in Elite Bulletin Board 2.1.21.

The vulnerabilities exist due to insufficient sanitisation of user-supplied data taken from the URI in the "update_whosonline_reg()" and "update_whosonline_guest()" functions within the "/includes/user_function.php" script. Because these functions are shared, many scripts are affected by this attack. More information: High-Tech Bridge Advisory HTB23133 - Multiple SQL Injection Vulnerabilities in Elite Bulletin Board.

Upgrade to Elite Bulletin Board v2.1.22 to fix these issues.

HTB23129: FireFly Media Server Multiple Remote DoS Vulnerabilities


Multiple security vulnerabilities (HTB23129) were found in FireFly Media Server version 1.0.0.1359.

Multiple NULL pointer dereference vulnerabilities in FireFly Media Server

The vulnerability exists due to improper handling of the HTTP CONNECTION header within the "firefly.exe" binary file. A remote attacker can send a specially crafted packet to port 9999/TCP (FireFly's default server port) with an improper CONNECTION header value, leading to a NULL pointer dereference that crashes the vulnerable server immediately.

The vulnerability exists due to improper handling of the ACCEPT-LANGUAGE, USER-AGENT and HOST HTTP header parameters within the "firefly.exe" binary file. A remote attacker can send a specially crafted packet to port 9999/TCP with a malformed header containing carriage return/line feed control characters ("\r\n") that cause a NULL pointer dereference and immediate termination of the vulnerable server.

The vulnerability exists due to improper handling of the HTTP POST and GET methods within the "firefly.exe" binary file. A remote attacker can send a specially crafted packet to port 9999/TCP with an improper HTTP POST or GET request containing an erroneous HTTP protocol version, or one or more carriage return/line feed control characters ("\r\n"), leading to a NULL pointer dereference that crashes the vulnerable server immediately.

Source: High-Tech Bridge Advisory HTB23129 - FireFly Media Server Multiple Remote DoS vulnerabilities.

Thursday, December 20, 2012

HTB23118: Banana Dance multiple vulnerabilities


Banana Dance versions B.2.6 and probably prior suffer from PHP File Inclusion, Improper Access Control and SQL Injection vulnerabilities, according to High-Tech Bridge Advisory HTB23118 - Multiple vulnerabilities in Banana Dance.

  • PHP File Inclusion in Banana Dance:
    Input passed via the "name" POST parameter to "/functions/ajax.php" is not properly verified before being used in the "include_once()" function and can be exploited to include arbitrary local files. This can be exploited to include local files via directory traversal sequences and URL-encoded NULL bytes.

  • Improper Access Control in Banana Dance:
    The application does not restrict access to the "/functions/suggest.php" script for unauthenticated users. A remote attacker can read arbitrary information from the database.

  • SQL Injection in Banana Dance:
    Input passed via the "return", "display", "table" and "search" POST parameters to the "/functions/suggest.php" script is not properly sanitised before being used in an SQL query. Although the "mysql_real_escape_string()" function is called on the input, it has no effect because the values are placed inside backtick (`) quotes in the SQL query, which string escaping does not protect. Input passed via the "id" GET parameter to "functions/widgets.php", the "category" GET parameter to "functions/print.php" and the "name" GET parameter to "functions/ajax.php" is also not properly sanitised before being used in SQL queries. These vulnerabilities can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Banana Dance is a free, open source, PHP/MySQL program that takes the best of wiki software and combines it with the best of web content management systems (CMS).

In-Memory Fuzzing with Java

A new security publication by Xavier Roussel, Junior Security Analyst at High-Tech Bridge, has been released: In-Memory Fuzzing with Java.

More links about Fuzzing:

Direct link to download PDF: In-Memory Fuzzing in JAVA (1.0 MB).

Web Applications Vulnerabilities CVSSv2 Calculator

High-Tech Bridge is pleased to announce its CVSSv2 Calculator for vulnerabilities in web applications.

The Common Vulnerability Scoring System (CVSS) provides an open framework for communicating the characteristics and impacts of IT vulnerabilities.

Read more: A Complete Guide to the Common Vulnerability Scoring System Version 2.0.

High-Tech Bridge to Announce ImmuniWeb® for its Fifth Anniversary

High-Tech Bridge is pleased to celebrate its fifth anniversary on December 12, 2012. We are grateful to all the customers for their loyalty and trust. On this remarkable date, High-Tech Bridge is also proud to partially uncover its innovative in-house product named ImmuniWeb®, expected by many customers, partners and journalists for almost one year.

Ilia Kolochenko, CEO, comments:

"Our fifth year of continuous growth proves that we are doing the right thing and our business strategy is correct. Finally, we are ready to launch ImmuniWeb®, a product that is aimed to change our market towards simplicity, integrity and accessibility for Small and Medium Businesses, who were unfairly prevented from testing their security by high market prices and administrative difficulties. We have invested several million dollars and almost 3 years into its development, and now we are ready to present it to the public. The official sales of ImmuniWeb® Beta will start on the 15th of January 2013 for all the customers in Switzerland, and for the holders of invite-codes abroad. Later the product will be available worldwide without limitations. We have already registered the trademark in 36 countries. For the moment that's all I can say about ImmuniWeb®, more information is coming soon. Stay with us."

High-Tech Bridge will offer special discounts for ImmuniWeb® to all its customers. If you are located abroad, please contact your High-Tech Bridge Account Manager by e-mail to get an invite-code.

About High-Tech Bridge
High-Tech Bridge SA provides multinational companies, financial institutions, and international organizations with cutting-edge information security, penetration testing and ethical hacking services. In 2012 Frost & Sullivan's market research recognized High-Tech Bridge as one of the market leaders and best service providers in the ethical hacking industry.

Contacts
Mr. Sebastien Flaccavento
Tel.: +41-22-560-68-43
E-Mail: press@htbridge.com

Web: https://www.htbridge.com

Twitter: https://twitter.com/htbridge

Facebook: https://www.facebook.com/htbridge

HTB23127: Multiple Command Execution Vulnerabilities in Smartphone Pentest Framework (SPF)


Smartphone Pentest Framework (SPF) versions 0.1.3 and 0.1.4 suffer from OS Command Injection [CWE-78]. High-Tech Bridge Security Research Lab discovered multiple OS command execution vulnerabilities in Smartphone Pentest Framework (SPF), which could be exploited to remotely gain control over a penetration tester's machine.

According to High-Tech Bridge's Advisory HTB23127, multiple Perl scripts in the "/frameworkgui/" directory do not sanitise user-supplied input passed as an argument to the "system()" function, so it becomes possible to inject and execute arbitrary OS commands on the target system with the privileges of the web server user.

Because the CSRF vulnerability (3) from HTB23123 remains unfixed, these vulnerabilities can be exploited through it. They exist in the "SEAttack.pl" script (insufficient validation of user-supplied input passed via the "hostingPath" parameter), the "CSAttack.pl" script (insufficient validation of the "hostingPath" parameter) and the "attachMobileModem.pl" script (insufficient validation of the "appURLPath" parameter).

These vulnerabilities are unpatched at this time; as a temporary solution, remove or disable SPF's GUI.

Full advisory: High-Tech Bridge Advisory HTB23127 - Multiple Vulnerabilities in Smartphone Pentest Framework (SPF).

Friday, December 7, 2012

HTB23120: TVMOBiLi Media Server remote DoS vulnerabilities


High-Tech Bridge Security Research Lab has discovered 2 remote DoS vulnerabilities in TVMOBiLi Media server, which could be exploited to crash the remote server with malicious HTTP requests.

Due to improper handling of length parameter inconsistency [CWE-130], TVMOBiLi was vulnerable to DoS attacks.

Brief description of the vulnerabilities:
The vulnerabilities exist due to improper handling of URI length within the "HttpUtils.dll" dynamic-link library. A remote attacker can send a specially crafted HTTP GET request of 161, 257 or 255 characters, or of 255, 257 or 260 characters, to port 30888/TCP (TVMOBiLi's default server port) and cause a stack-based buffer overrun that crashes the tvMobiliService service.

TVMOBiLi is a free Media server for Mac, Windows, and Linux OS that enables your computer to communicate with a myriad of modern devices in your home using the power of UPnP.

Solution:
The vulnerabilities are fixed in TVMOBiLi 2.1.0.3974.

References:

  1. High-Tech Bridge Advisory HTB23120: TvMobili Media Server Multiple Remote DoS Vulnerabilities
  2. TVMOBiLi - a free Media server for Mac, Windows, and Linux

HTB23125: ClipBucket SQL injection vulnerabilities


Multiple SQL injection vulnerabilities were found in ClipBucket, a free and open-source video sharing script. Full details of the vulnerabilities, with Proof-of-Concept examples, are available on High-Tech Bridge Security Research Lab's page: High-Tech Bridge Advisory HTB23125: Multiple SQL Injection vulnerabilities in ClipBucket.

Vulnerable scripts list: "ajax.php", "/user_contacts.php", "/view_channel.php", "view_page.php", "view_topic.php", "/watch_video.php".

As noted on the researchers' page, some of these vulnerabilities were described earlier for previous versions of ClipBucket; however, they were not fixed in the tested version (2.6 Revision 738).

A solution is now available: apply the CB SQL Injection Fix 11282012 patch or upgrade to ClipBucket 2.6 r738 with security fixes (clipbucket-2.6-r738-security-fixed-p2). These files are available in the download area of ClipBucket's SourceForge page.

HTB23126: Achievo SQL injection, cross-site scripting (XSS) vulnerabilities


Multiple security vulnerabilities (HTB23126) were found in Achievo version 1.4.5.

  • SQL Injection vulnerability in Achievo:
    The vulnerability was discovered in the "dispatch.php" script while handling the "activityid" HTTP GET parameter. A remote authenticated attacker can inject and execute arbitrary SQL commands in the application's database. Successful exploitation of this vulnerability requires that the attacker is logged in to the application (registration is closed by default).
  • Cross-Site Scripting (XSS) vulnerability in Achievo:
    An input sanitisation error was found in the "include.php" script when handling the "field" HTTP GET parameter. A remote attacker can execute arbitrary HTML and script code in the user's browser in the context of a vulnerable website.

Achievo is a flexible, web-based resource management application suitable for any medium-sized company that needs to keep track of its resources, projects, clients, contacts, planning and daily scheduling.

References:

  1. Achievo.org - Project Management Software
  2. High-Tech Bridge Advisory HTB23126: Multiple vulnerabilities in Achievo