Multiple Vulnerabilities in Cloisterblog web blog/journal

From: Dotho (dotho_at_badcode.org)
Date: 03/29/04

    Date: Sun, 28 Mar 2004 17:51:07 -0500 (EST)
    To: bugtraq@securityfocus.com, full-disclosure@lists.netsys.com

    Executive Overview
    ------------------
    Cloisterblog, a general-purpose web blog written in Perl, suffers
    from multiple XSS and directory traversal issues as well as a design flaw in the admin section.

    Program Description
    -------------------
    Cloisterblog
    (http://www.circleofthunder.com/journal/cloisterblog-1.2.2.tar.gz)
    "CloisterBlog is simple but feature packed Web-based journal system that does not
    require MySQL or manual modification of files"

    Issue(s)
    --------
    Cloisterblog performs no parameter checking on its inputs, which leads to
    the multiple XSS and directory traversal issues. In addition, the admin
    section of the blog never actually checks the user id, only the password.
    No logging is performed on this parameter either, so it is readily
    susceptible to brute forcing.

    Example(s)/code
    ---------------
    /cloisterblog/journal.pl?syear=2004&sday=11&smonth=../../../../../../../../etc/passwd%00

    from journal_admin.pl

    sub validateUser {
        # $passfile[0] holds the stored admin password; $pass is the submitted one.
        $password = $passfile[0];
        chomp($password);
        chomp($pass);

        # Only the password is compared; the submitted user id is never consulted.
        if ($pass eq $password) {
            return 1;
        } else {
            return 0;
        }
    }

    ($user, which is declared in journal_admin.pl, is never used)
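    The following is an added example, not Cloisterblog's code, showing the two
    checks the advisory says are missing: strict validation of the syear/smonth/sday
    parameters (which rejects the traversal payload above) and a validateUser that
    verifies the user id together with the password and logs failed attempts. The
    "user:password" layout of the password store is an assumption.

```perl
#!/usr/bin/perl
# Added example (not Cloisterblog's code). Hardened versions of the
# date-parameter handling and of validateUser from the advisory.
use strict;
use warnings;

# Accept only the exact shapes journal.pl needs. \A and \z are used rather
# than ^ and $ so a trailing newline or NUL byte cannot slip past the check.
sub valid_date_parts {
    my ($syear, $smonth, $sday) = @_;
    return 0 unless defined $syear  && $syear  =~ /\A\d{4}\z/;
    return 0 unless defined $smonth && $smonth =~ /\A(0?[1-9]|1[0-2])\z/;
    return 0 unless defined $sday   && $sday   =~ /\A(0?[1-9]|[12]\d|3[01])\z/;
    return 1;
}

# Assumed password store: one "user:password" line per account.
# Returns 1 only when the submitted user id AND password both match,
# and logs every failure so brute forcing is visible in the error log.
sub validateUser {
    my ($user, $pass, @passfile) = @_;
    return 0 unless defined $user && defined $pass;
    for my $line (@passfile) {
        chomp $line;
        my ($stored_user, $stored_pass) = split /:/, $line, 2;
        next unless defined $stored_pass;
        return 1 if $stored_user eq $user && $stored_pass eq $pass;
    }
    warn "validateUser: failed login attempt for user '$user'\n";
    return 0;
}

# Constructed sample data for a stand-alone run.
my @passfile = ("admin:s3cret\n");
print valid_date_parts('2004', '11', '11') ? "date ok\n" : "date rejected\n";
print valid_date_parts('2004', "../../../../etc/passwd\0", '11')
    ? "date ok\n" : "date rejected\n";
print validateUser('admin', 's3cret', @passfile) ? "login ok\n"  : "login denied\n";
print validateUser('guest', 's3cret', @passfile) ? "login ok\n"  : "login denied\n";
```

    The second date check and the 'guest' login are the cases the original code
    accepts; here both are rejected, and the failed login is written to STDERR.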

    Remedy/Fix(es)
    --------------
    None; delete the blog and either write your own or choose another.

    Vendor status
    -------------
    Non-responsive. Despite waiting nearly twice as long as we normally do for
    at least a "screw you" reply, the authors have not replied, nor released
    an updated version. We waited this long because it appears the author
    runs the software him/herself.

    --0-0-0
    Badcode.org

