Noah's Classifieds Multiple Path Disclosure and Cross Site Scripting Vulnerabilities

2006.03.20
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 6.4/10
Impact Subscore: 4.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: Partial

I have contacted PhpOutsourcing 2 weeks ago, and they didn't answer. The mail I sent on classifieds AT phpoutsourcing DOT com bounced back in error. The one I sent on askme AT phpoutsourcing DOT com never got replied. "Currently, we are completely overloaded with our running projects, and we don't have enough time to deal with our free products. The further development and support of Noah's Classifieds is therefore suspended. Thank you for the understanding and please forgive us that we don't responding to the emails." Anyway, they clearly mention that they have stopped the support, but there are unpatched vulnerabilities in their product. Vendor: PhpOutsourcing Vulnerable: Noah's Classified 1.3 and below Path Disclosure http://www.example.com/classifieds/index.php?method=showdetails&list=dum my which returns: Fatal error: Cannot instantiate non-existent class: dummy in /path/classifieds/gorum/gorumlib.php on line 45 Cross Site Scripting http://www.example.com/classifieds/index.php?method=showdetails&list=%3C script%3Ealert(document.cookie)%3C/script%3Eadvertisement&rollid=1 http://www.example.com/classifieds/index.php?method=%3Cscript%3Ealert(do cument.cookie)%3B%3C/script%3E Solution The vendor is not supporting this product at the moment: "Currently, we are completely overloaded with our running projects, and we don't have enough time to deal with our free products. The further development and support of Noah's Classifieds is therefore suspended. Thank you for the understanding and please forgive us that we don't responding to the emails." To solve this vulnerabilities, in gorum/gorumlib.php: Line 45, add before $base = new gorumroll->class;: if (!class_exists($gorumroll->class)) { $txt="Class does not exist:".preg_replace("/[^a-z]/","",substr($gorumroll->class,0,32)); handleError($txt); } and, at line 124, replace: $txt="Method is not allowed: $gorumroll->method"; by: $txt="Method is not allowed:".preg_replace("/[^a-z]/","",substr($gorumroll->method,0,32)); http://zone14.free.fr/advisories/1/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top