Xavier's Security Post
Tuesday, December 06, 2005
  serious vTiger <=4.2 flaws
While recently mangling some XSS in vTiger 4.2, I decided to look into the rest of the advisory disclosed by the folks at www.sec-consult.com.

The situation is quite bleak; at this point the developers of vTiger have to rewrite most of that code, or do some serious patch work.

There is barely any sanitizing of variables passed in by users, and the same goes for checks to verify whether a user is accessing module files directly.

From the situation at hand, an attacker can:

1) craft malicious URLs for use in XSS against users on the domain
2) execute complex SQL queries to read database data, or inject code (rgod style)
3) upload data without authentication or checks
4) execute arbitrary data, thanks to #3
5) read local files, in the form of local inclusion attacks

If you go to the vTiger project page, they reference the fact that over 100,000 downloads of the software have taken place. If that's the case, don't be surprised by another surge of bots or defacements.
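
As an added example (not from the original post and not vTiger's own code), here is one way a PHP application can enforce the two checks described above as missing: a guard against requesting module files directly, and an allowlist on the module name before it reaches an include. All names (APP_ENTRY, resolve_module, the modules/ layout, the module list) are hypothetical.

```php
<?php
// Added illustration: APP_ENTRY, resolve_module() and the modules/ layout are
// hypothetical names, not taken from vTiger's code base.
declare(strict_types=1);

// Front controller (e.g. index.php): the only file users should request.
define('APP_ENTRY', true);

/**
 * Map a user-supplied module name to a file path, or return null.
 * The name must match a strict pattern AND be on the allowlist, so values
 * such as "../../etc/passwd" never reach require.
 */
function resolve_module(string $name, array $allowed, string $baseDir): ?string
{
    if (!preg_match('/\A[A-Za-z][A-Za-z0-9_]{0,31}\z/', $name)) {
        return null;                    // rejects slashes, dots, NUL bytes
    }
    if (!in_array($name, $allowed, true)) {
        return null;                    // syntactically fine but unknown module
    }
    $path = realpath($baseDir . '/' . $name . '/index.php');
    $base = realpath($baseDir);
    // realpath() resolves symlinks; the result must stay under the base dir.
    if ($path === false || $base === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$allowed = ['Accounts', 'Contacts', 'Leads'];   // constructed sample list
$module  = $_GET['module'] ?? 'Accounts';       // may be an array, so check type
$file    = is_string($module)
    ? resolve_module($module, $allowed, __DIR__ . '/modules')
    : null;

if ($file === null) {
    http_response_code(404);
    exit('Unknown module');             // static text: no user input is echoed
}
require $file;

// First lines of every module file (e.g. modules/Accounts/index.php), so that
// requesting the file directly does nothing:
//
//   if (!defined('APP_ENTRY')) { http_response_code(403); exit; }
```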
This public blog will be a place for me to output any Security findings, both technological and physical, that I have come across. I will post Security advisories I was a part of, and also other interesting bits of knowledge. email: xavier [at] tigerteam.se
