by r0t, der4444, cembo, VietMafia

Saturday, December 31, 2005

BugPort Multiple vuln.


r0t's last vulnerability report/advisory of 2005!

Vuln. discovered by : r0t
Date: 31 Dec. 2005
vendor: www.incogen.com/index.php?type=General&param=bugport
affected version:v1.147 and prior

Product Description:

The BugPort system is an open-source, freely available, web-based system to manage tasks and defects throughout the software development process. BugPort is written with the PHP language using its object-oriented capabilities and is in use by INCOGEN for internal management of software development and QA.


Vuln. Description:

1.
BugPort contains a flaw that allows remote SQL injection attacks. Input passed to the "orderBy", "where" and "devWherePair[1][0]" parameters in "index.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Note what the PoC URLs show: the client supplies the SQL text of the WHERE clause itself (the "where" and "devWherePair[0]" parameters; URL-decoded, "project_id = ?" and "state_id < ? AND MATCH (report,subject,develplan,fixednotes,repsteps) AGAINST (? IN BOOLEAN MODE)") together with the values for its "?" placeholders ("binds[]", "devWherePair[1][]"). Placeholders only ever protect the bound values; when the surrounding query text comes from the request, as it does here, and when even a value parameter ("devWherePair[1][0]") is injectable, they provide no protection at all.


/index.php?view=DevelopmentItemResultsView&devWherePair%5B0%5D=state_id+%3C+%3F++AND++MATCH+%28report%2Csubject%2Cdevelplan%2Cfixednotes%2Crepsteps%29+AGAINST+%28%3F++IN+BOOLEAN+MODE%29&devWherePair%5B1%5D%5B0%5D=[SQL]

/index.php?view=DevelopmentItemResultsView&where=project_id+%3D+%3F&orderBy=[SQL]

/index.php?view=DevelopmentItemResultsView&where=[SQL]
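The following is an added example and is not BugPort's own code or part of this advisory. It reconstructs the pattern item 1 describes as a minimal PDO query builder: the vulnerable version takes the WHERE fragment, the ORDER BY fragment and the bind values straight from the request, exactly as the PoC URLs do; the hardened version keeps every piece of SQL text on the server and accepts only values from the client. The table name "dev_items", the filter keys and the sortable-column list are assumptions made for illustration; the column names in the MATCH clause are the ones visible in the PoC URLs.

```php
<?php
// Added example, not BugPort code. Assumed table: dev_items.

// --- Vulnerable: the query TEXT comes from the client -----------------------
function vulnerableResultsQuery(PDO $db, array $get): PDOStatement
{
    // e.g. ?where=project_id+%3D+%3F&orderBy=[SQL]&binds[0]=1
    $where   = $get['where']   ?? '1';
    $orderBy = $get['orderBy'] ?? 'id';
    $binds   = $get['binds']   ?? [];

    // The "?" placeholders would bind the VALUES safely, but the attacker
    // already controls the SQL around them, so prepare() does not help.
    $sql  = "SELECT * FROM dev_items WHERE $where ORDER BY $orderBy";
    $stmt = $db->prepare($sql);
    $stmt->execute($binds);
    return $stmt;
}

// --- Hardened: only VALUES come from the client -----------------------------
function hardenedResultsQuery(PDO $db, array $get): PDOStatement
{
    // Server-defined filters; the client picks one by key (assumed names).
    // Each entry: [SQL text with placeholders, request parameters to bind].
    $filters = [
        'by_project' => ['project_id = ?', ['project_id']],
        'open_text'  => [
            'state_id < ? AND MATCH (report,subject,develplan,fixednotes,repsteps) '
            . 'AGAINST (? IN BOOLEAN MODE)',
            ['max_state', 'q'],
        ],
    ];
    // ORDER BY cannot be a bound parameter, so it must be allowlisted.
    $sortable = ['id', 'priority_id', 'state_id', 'project_id'];

    $filterKey = $get['filter'] ?? 'by_project';
    if (!isset($filters[$filterKey])) {
        throw new InvalidArgumentException('unknown filter');
    }
    [$whereSql, $paramNames] = $filters[$filterKey];

    $col = $get['sort'] ?? 'id';
    $dir = (($get['dir'] ?? 'asc') === 'desc') ? 'DESC' : 'ASC';
    if (!in_array($col, $sortable, true)) {
        throw new InvalidArgumentException('unknown sort column');
    }

    // Collect the values in placeholder order; reject anything that is not a
    // plain scalar string (PHP turns binds[]=x into an array otherwise).
    $values = [];
    foreach ($paramNames as $name) {
        if (!isset($get[$name]) || !is_string($get[$name])) {
            throw new InvalidArgumentException("missing parameter $name");
        }
        $values[] = $get[$name];
    }

    $sql  = "SELECT * FROM dev_items WHERE $whereSql ORDER BY $col $dir";
    $stmt = $db->prepare($sql);
    $stmt->execute($values);   // values are bound, never interpolated
    return $stmt;
}
```

With the hardened builder, a request such as `?filter=by_project&project_id=9&sort=priority_id&dir=desc` still works, while `?orderBy=[SQL]` or `?where=[SQL]` no longer reach the database at all: the request can choose among queries, not write them.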




2.
BugPort contains a flaw that allows remote cross-site scripting attacks. This flaw exists because input passed to multiple parameters (see the PoC below) in "index.php" isn't properly sanitised before being returned to the user.
This could allow an attacker to create a specially crafted URL that would execute arbitrary script in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Because the script runs in the victim's browser with the victim's session for the BugPort site, it can read whatever that user can see and act with that user's privileges.

/index.php?view=AddToFavoriteItemSetView&ids%5B0%5D=[XSS]

/index.php?view=AddRelatedDevelopmentItemFormView&report_id=9&action=[XSS]

/index.php?view=AddRelatedDevelopmentItemFormView&report_id=[XSS]

/index.php?view=DevelopmentItemResultsView&devWherePair%5B0%5D=state_id+%3C+%3F++AND++MATCH+%28report%2Csubject%2Cdevelplan%2Cfixednotes%2Crepsteps%29+AGAINST+%28%3F++IN+BOOLEAN+MODE%29&devWherePair%5B1%5D%5B0%5D=240&devWherePair%5B1%5D%5B1%5D=[XSS]

/index.php?view=DevelopmentItemResultsView&where=project_id+%3D+%3F&orderBy=priority_id+DESC&binds%5B0%5D=[XSS]



3.

Input passed to the "action" parameter isn't properly sanitised before being used and returned to the user, which may expose sensitive information about the system configuration, including the full installation path. Path disclosure of this kind usually comes from a PHP warning or notice being displayed on the page together with the absolute path of the script; it is low severity on its own, but it hands an attacker the installation layout needed for further attacks.

/index.php?view=AddRelatedDevelopmentItemFormView&report_id=9&action=[CODE]
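The following is an added example, not BugPort's own code, covering items 2 and 3 together: it shows one way to handle the reflected "report_id" and "action" parameters of the AddRelatedDevelopmentItemFormView request so that neither a script payload nor a PHP warning carrying the installation path reaches the browser. The set of allowed actions, the form markup and the error-handling settings are assumptions; the parameter names and view name are the ones from the PoC URLs.

```php
<?php
// Added example, not BugPort code.

// 1. Production error handling: warnings/notices that echo the absolute
//    script path must be logged, never displayed (assumed settings).
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

// 2. Validate by type or allowlist before the value reaches a query,
//    an include() or the page.
function readReportId(array $get): int
{
    $id = filter_var(
        $get['report_id'] ?? '',
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        throw new InvalidArgumentException('report_id must be a positive integer');
    }
    return $id;
}

function readAction(array $get): string
{
    static $allowed = ['add', 'remove'];   // assumed set of actions
    $action = $get['action'] ?? 'add';
    if (!is_string($action) || !in_array($action, $allowed, true)) {
        throw new InvalidArgumentException('unknown action');
    }
    return $action;
}

// 3. Encode on output for the HTML context the value lands in.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function renderAddRelatedForm(array $get): string
{
    try {
        $reportId = readReportId($get);
        $action   = readAction($get);
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        return '<p>Bad request.</p>';   // generic; does not echo the input
    }
    // Even validated values are encoded when placed into markup/attributes.
    return '<form method="post" action="index.php?view=AddRelatedDevelopmentItemFormView">'
         . '<input type="hidden" name="report_id" value="' . h((string)$reportId) . '">'
         . '<input type="hidden" name="action" value="' . h($action) . '">'
         . '<input type="submit" value="' . h(ucfirst($action)) . ' related item">'
         . '</form>';
}

// A payload such as action=<script>alert(1)</script> fails the allowlist;
// anything that is echoed goes through h() and is emitted as text, not markup.
echo renderAddRelatedForm($_GET);
```

The order matters: validation stops bad values from reaching code that might emit a warning (and with it the path), output encoding covers every value that is legitimately reflected, and `display_errors=0` is the backstop for whatever slips past both.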


Solution:
Edit the source code to ensure that input is properly sanitised: keep all SQL text (WHERE and ORDER BY fragments) on the server and accept only values from the request, binding them as parameters and checking sort columns against an allowlist; validate "report_id", "ids[]" and "action" by type or allowlist; HTML-encode anything reflected into a page; and disable the display of PHP errors on production installs so that warnings do not reveal paths. No vendor fix is referenced in this advisory.


 
Copyright (c) 2006 Pridels Sec Crew