Another YouTube clone script vulnerability

2007.07.21
Risk: Low
Local: No
Remote: Yes
CWE: CWE-94


CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

 _____________
 ChX Security |
 Advisory #2  |
 =============

-> "Generic YouTube Clone Script - XSRF: Arbitrary Code Injection" <-

 ______
 Data  |
 ======

Author: Pepepistola <Pepepistola_at_chxsecurity_dot_org>
Program: Generic YouTube Clone Script
Severity: Moderately Critical
Type of Advisory: Mid Disclosure
Affected/Tested Versions: -- (* See below)

* There are multiple clone scripts made by multiple vendors, but all share
  the same mistakes and even the same code, so we could not determine the
  right (or original) vendor.

 ____________________
 Program Description |
 ====================

Dream to build your own highly profitable online video sharing community
just like YouTube or DailyMotion? Unleash the power of video sharing to
boost your websites' traffic & revenues!

 _________
 Overview |
 =========

The "Email-Template" module has no file type validation, and a remote
attacker could lead the admin to create a specially crafted malicious email
template that allows the remote attacker to compromise the entire system.

 ___________
 WorkAround |
 ===========

The admin has the capability to create an "Email-Template" that is stored
in the directory:

/templates/emails/

Since the module doesn't have any file type validation, the admin can upload
any arbitrary file type, so a remote attacker can gain access by just leading
the (already logged-in) admin to a specially crafted (malicious) website
that, through a Cross-Site Request Forgery, makes the admin automatically
create an email template.
This could allow a remote attacker to gain access and furthermore compromise
the entire system.

 ________________
 Proof Of Concept|
 ================

ChX Security will not release any proof of concept.

 ____________
 Solution/Fix|
 ============

At the moment there is no official solution provided by the vendor(s)...
ChX Security encourages website admins to stay logged in only as long as
necessary and to remain logged off whenever there is no
administration-related task to do.

 ______
 Dates |
 ======

Bug Found: 04/07/2007
Vendor Contact: --/--/--
Vendor Response: --/--/--
Public Disclosure: 06/07/2007

 _______
 Shouts |
 =======

g30rg3_x, musashi, patoruzu, elvispresley, skyline2412 (p1mp4m)

ChX Security
http://chxsecurity.org/
(c) 2007

Copy: http://chxsecurity.org/advisories/adv-2-mid.txt

_________________________
Pepepistola
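The advisory names two missing controls: no anti-CSRF check on the admin's template form and no file type validation on what lands in /templates/emails/. The sketch below is an added example, not code from the advisory or from any of the clone scripts; it shows a save handler that enforces both. The function names, the dict-based session and form, and the `.tpl` extension are assumptions made for illustration.

```python
import hmac
import re
import secrets
from pathlib import Path

TEMPLATE_DIR = Path("templates/emails")       # directory named in the advisory
ALLOWED_EXT = ".tpl"                          # assumption: the single extension templates use
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")  # no dots, slashes or control characters

class Rejected(Exception):
    """Raised when a template-save request fails a check."""

def issue_csrf_token(session):
    """Bind a random token to the admin session; the real form embeds it as a hidden field."""
    session["csrf"] = secrets.token_urlsafe(32)
    return session["csrf"]

def save_email_template(session, form, base_dir=TEMPLATE_DIR):
    """Hypothetical handler: validate the request, then write the template."""
    # 1. Only an authenticated admin session may create templates.
    if not session.get("is_admin"):
        raise Rejected("not an admin session")
    # 2. Anti-CSRF: a cross-site request rides the admin's cookies but cannot
    #    read the per-session token, so it arrives without a matching value.
    expected = session.get("csrf", "")
    supplied = form.get("csrf", "")
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        raise Rejected("missing or wrong CSRF token")
    # 3. File type validation: the caller supplies only a bare name; the
    #    server appends the extension, so "shell.php" can never be chosen.
    name = form.get("name", "")
    if not NAME_RE.fullmatch(name):
        raise Rejected("invalid template name")
    # 4. Defence in depth: the resolved path must sit directly in base_dir.
    base = Path(base_dir).resolve()
    target = (base / (name + ALLOWED_EXT)).resolve()
    if target.parent != base:
        raise Rejected("path escapes template directory")
    base.mkdir(parents=True, exist_ok=True)
    target.write_text(form.get("body", ""), encoding="utf-8")
    return target
```

Configuring the web server so that nothing under the template directory is ever interpreted as a script complements these checks.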

