b2Evolution
Archived Posts from this Category
TITLE:
b2evolution “redirect_to” HTML Attribute Cross-Site Scripting
SECUNIA ADVISORY ID:
SA23656
VERIFY ADVISORY:
http://secunia.com/advisories/23656/
CRITICAL:
Not critical
IMPACT:
Cross Site Scripting
WHERE:
From remote
SOFTWARE:
b2evolution 1.x
http://secunia.com/product/12768/
DESCRIPTION:
unsticky has discovered a vulnerability in b2evolution, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Input passed to the “redirect_to” parameter in htsrv/login.php is not
properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user’s browser
session in context of an affected site.
Successful exploitation allows adding additional attributes (e.g.
“onMouseOver”) to the “Bypass login…” link.
The vulnerability is confirmed in version 1.8.6. Other versions may also
be affected.
SOLUTION:
Edit the source code to ensure that input is properly sanitised.
PROVIDED AND/OR DISCOVERED BY:
unsticky
0 comments Tuesday 09 Jan 2007 | Guardian | b2Evolution
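The SOLUTION line of SA23656 above says only that the source must be edited so the input is properly sanitised. As an added example that is not b2evolution's own code, the following PHP puts the defect class beside its fix: a request parameter echoed raw into the href attribute of the "Bypass login..." link, and the same link built with a path check plus attribute-context escaping. The function names and the sample value are assumptions for this illustration.

```php
<?php
// Added example, not code from b2evolution. Demonstrates the bug class in
// SA23656 (parameter reflected into an HTML attribute) and a hardened form.

// Vulnerable pattern: the raw parameter lands inside a double-quoted
// attribute, so a double quote in the value ends the href and whatever
// follows it is parsed as further attributes on the link.
function bypass_link_unsafe(string $redirect_to): string
{
    return '<a href="' . $redirect_to . '">Bypass login...</a>';
}

// Layer 1: only accept a site-relative path (rooted with a single slash,
// so no scheme, no host, no protocol-relative "//host") and no control
// characters; anything else falls back to a known-safe default.
function safe_redirect_target(string $redirect_to, string $default = '/'): string
{
    if (!preg_match('#^/(?!/)[^\x00-\x1f\x7f]*$#', $redirect_to)) {
        return $default;
    }
    return $redirect_to;
}

// Layer 2: escape for the attribute context. ENT_QUOTES turns both quote
// characters into entities, so the value can no longer terminate the
// attribute, and ENT_SUBSTITUTE keeps invalid UTF-8 from emptying the output.
function bypass_link_safe(string $redirect_to): string
{
    $target  = safe_redirect_target($redirect_to);
    $escaped = htmlspecialchars($target, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $escaped . '">Bypass login...</a>';
}

// Constructed sample value: a local path carrying a double quote followed by
// an extra harmless attribute, the shape the advisory describes.
$sample = '/index.php" title="injected';

// In the unsafe link the title attribute is accepted as part of the markup;
// in the safe link the quote is emitted as an entity inside the href value.
echo bypass_link_unsafe($sample), "\n";
echo bypass_link_safe($sample), "\n";

// An absolute URL is not a site-relative path, so it is replaced by the default.
echo bypass_link_safe('http://example.invalid/elsewhere'), "\n";
```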
TITLE:
b2evolution “inc_path” File Inclusion Vulnerability
SECUNIA ADVISORY ID:
SA23346
VERIFY ADVISORY:
http://secunia.com/advisories/23346/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
b2evolution 1.x
http://secunia.com/product/12768/
DESCRIPTION:
tarkus has discovered a vulnerability in b2evolution, which can be
exploited by malicious people to compromise vulnerable systems.
Input passed to the “inc_path” parameter in
inc/CONTROL/imports/import-mt.php is not properly verified before being
used to include files. This can be exploited to include arbitrary files
from local or external resources.
Successful exploitation requires that “register_globals” is enabled.
The vulnerability is confirmed in version 1.8.5. Prior versions may also
be affected.
SOLUTION:
Update to version 1.8.6.
PROVIDED AND/OR DISCOVERED BY:
tarkus
ORIGINAL ADVISORY:
https://tiifp.org/tarkus/advisories/b2evolution111106_01.txt
OTHER REFERENCES:
http://b2evolution.net/news/2006/11/30/security_alert_import_mt_php
0 comments Monday 11 Dec 2006 | Guardian | b2Evolution