by r0t,der4444,cembo,VietMafia

Saturday, December 17, 2005

bitweaver multiple vuln.

Vuln. discovered by : r0t
Date: 17 dec. 2005
affected version: 1.1 and 1.1.1 beta and prior

Product Description:

bitweaver is the renamed continuation of the TikiPro software: a web-based, open-source web application framework that offers a wide range of features such as a wiki, articles, a phpBB bulletin board, newsletters, blogs, an image/photo gallery, file sharing, a link directory, polls/surveys, quizzes, FAQs, banners, webmail, a calendar and categories. It is written in PHP and supports MySQL, PostgreSQL, Oracle, Sybase and FireBird on Windows and Linux.

Vuln. Description:

1. SQL injection

bitweaver contains a flaw that allows remote SQL injection attacks. Input passed to the "sort_mode", "post_id" and "blog_id" parameters isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

some examples:


2. XSS

bitweaver contains a flaw that allows a remote cross-site scripting attack. This flaw exists because input passed to the "sort_mode", "post_id" and "blog_id" parameters, and to the search field in "/users/my_groups.php", isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.


No separate examples are needed: use the first examples and only change the input.

3. Full path disclosure
Using the error messages produced by the previous vulnerabilities, an attacker can obtain the full installation path and other sensitive information.

Edit the source code to ensure that input is properly sanitised.
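As an added illustration of what that sanitisation looks like for the three parameters named above (this is example code, not bitweaver's own; it assumes a PDO connection and a made-up blog_posts table):

```php
<?php
// Added example, not bitweaver code. Assumes PDO in $db and a constructed
// blog_posts(post_id, blog_id, title, created) table.

// sort_mode ends up in ORDER BY, which cannot be bound as a parameter, so the
// request value is only used as a key into a fixed allowlist; the raw string
// itself never reaches the SQL text.
const SORT_MODES = [
    'created_desc' => 'created DESC',
    'created_asc'  => 'created ASC',
    'title_asc'    => 'title ASC',
];

function orderByClause(?string $sortMode): string
{
    return SORT_MODES[$sortMode ?? ''] ?? SORT_MODES['created_desc'];
}

// post_id / blog_id are integers: validate the type first, then bind the value.
function intParam(array $request, string $name): ?int
{
    $opts  = ['options' => ['min_range' => 1]];
    $value = filter_var($request[$name] ?? null, FILTER_VALIDATE_INT, $opts);
    return $value === false ? null : $value;
}

function fetchBlogPosts(PDO $db, array $request): array
{
    $blogId = intParam($request, 'blog_id');
    if ($blogId === null) {
        return []; // refuse rather than build SQL from an invalid value
    }
    $sql = 'SELECT post_id, title FROM blog_posts WHERE blog_id = :blog_id'
         . ' ORDER BY ' . orderByClause($request['sort_mode'] ?? null);
    try {
        $stmt = $db->prepare($sql);
        $stmt->execute([':blog_id' => $blogId]);
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        // Log the real error server-side; echoing it would leak the install
        // path and query text (the "Full path" issue above).
        error_log($e->getMessage());
        return [];
    }
}

// XSS: anything reflected back to the page (e.g. the my_groups.php search
// term) is HTML-encoded on output instead of being echoed as-is.
function reflectSearchTerm(string $term): string
{
    return htmlspecialchars($term, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}
```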


Anonymous Anonymous told...

bitweaver has released version 1.2 to fix this. Details:


10:36 AM

Anonymous Lester Caine told...

And of course it is always courteous to advise the project of an identified security problem PRIOR to making the exploit public ;)

12:18 PM


Copyright (c) 2006 Pridels Sec Crew