SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
IT News
Search
SecurityAlert Database
About SecurityAlert
ExploitAlert Database
SecurityReason Research
WLB
WLB Database
Send to WLB
About WLB
Services
Security Audit
Schedule
Prices of services
Contact
RSS
SecurityReason IT News
SecurityAlert
World Laboratory of Bugtraq
ExploitAlert
Apache
PHP
Corporate
Contact
About SecurityReason
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com
Home arrow SecurityAlert Database

Arrow  Topic :

SocialEngine (SocialEngine.net) high risk security flaw


Arrow  SecurityAlert : 4035
Arrow  CVE : CVE-2008-3297
Arrow  CVE : CVE-2008-3298
Arrow  CWE : CWE-89
Arrow  CWE : CWE-94
Arrow  SecurityRisk : High  Security Risk High  (About)
Arrow  Remote Exploit : Yes
Arrow  Local Exploit : No
Arrow  Victim interaction required : No
Arrow  Exploit Available : No
Arrow  Credit : Tim Loshak
Arrow  Published : 26.07.2008

Arrow  Affected Software : Social Engine, Social Engine, 2.4, Se
Social Engine, Social Engine, 2.5
Social Engine, Social Engine, 2.1
Social Engine, Social Engine, 2.0
Social Engine, Social Engine, 2.0, Online_beta
Social Engine, Social Engine, 1.8
Social Engine, Social Engine, 1.7
Social Engine, Social Engine, 1.6
Social Engine, Social Engine, 1.4
Social Engine, Social Engine, 1.1
Social Engine, Social Engine, 1.0
Social Engine, Social Engine, 2.7
Social Engine, Social Engine, 2.81, and previous



Arrow  Advisory Content :  

SECURITY ADVISORY CS-2008-2

Vulnerability: Improper validation of external parameters
Vendor: SocialEngine (http://www.socialengine.net)
Affected versions: <2.83
Risk: High

I. DESCRIPTION

Improper validation of browser cookies leads to complete control over
client host.

II. BACKGROUND

During client authentication, cookies are used as an input parameters
for authorization and validation of identity both as user and as an
administrator. It is possible to construct specially crafted cookie
parameters which will cause sql injection and give full administrative
access rights. Additionally, having full write access templates for
smarty based engine, together with all-allow security level for the
templates processing, allows injection of php code into templates,
gaining complete and undetected control of the server, such as direct
access to file system, direct access to any databases.

III. ANALYSIS

1. user level entry path via
include/class_user.php

user_checkCookies -> se_user

2. admin level entry path via
include/class_admin.php

admin_checkCookies -> se_admin

IV. POC EXPLOIT

not disclosed, submitted to vendor

V. DISCLOSURE TIMELINE

10-Jul-2008 Initial vendor notification
11-Jul-2008 Vendor releases patch
22-Jul-2008 Public Disclosure

VI. CREDITS

Creogenic Security
Tim Loshak
tim.loshak (at) gmail (dot) com [email concealed]



Arrow  References :

http://www.socialengine.net/news.php
http://xforce.iss.net/xforce/xfdb/43958
http://www.securityfocus.com/bid/30342
http://www.securityfocus.com/archive/1/archive/1/494638/100/0/threaded
http://secunia.com/advisories/31203




Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

libc/fnmatch(3) DoS

Security Risk Medium- 2011-05-13

Allow attacker to denial of service apache 2.2.17 server
Apache RSS Apache Alert

» Apache HTTP Server Denial
   of Service Vulnerability

» Multiple Vendors
   libc/fnmatch(3) DoS (incl
   apache poc)

» Apache Continuum
   cross-site scripting
   vulnerability

» Apache Tomcat DoS
   Vulnerability
PHP RSS PHP Alert

» PHP Hashtables Denial of
   Service

» PHP 5.3.6 multiple null
   pointer dereference

» PHP 5.3.6 ZipArchive
   invalid use glob(3)

» libzip 0.9.3
   _zip_name_locate NULL
   Pointer Dereference (incl
   PHP 5.3.5)
ADT

Protect your family and valuables with Home Security Systems
Copyright © SecurityReason.com. All Rights Reserved.