
List:       oss-security
Subject:    Re: [oss-security] CVE Request: WebsiteBaker 2.8.1 <= Arbitrary
From:       Josh Bressers <bressers () redhat ! com>
Date:       2011-08-19 19:08:51
Message-ID: 1383647632.141993.1313780931833.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com

Please use CVE-2011-2933

Thanks.

-- 
    JB



----- Original Message -----
> 1. OVERVIEW
> 
> WebsiteBaker 2.8.1 and lower versions are vulnerable to Arbitrary File
> Upload.
> 
> 
> 2. BACKGROUND
> 
> WebsiteBaker helps you to create the website you want: A free, easy
> and secure, flexible and extensible open source content management
> system (CMS). Create new templates within minutes - powered by
> (X)HTML, CSS and jQuery. With WebsiteBaker it's quite natural your
> site is W3C-valid, SEO-friendly and accessible - there are no
> limitations at all.
> 
> 
> 3. VULNERABILITY DESCRIPTION
> 
> WebsiteBaker 2.8.1 and lower versions contain a flaw related to the
> /admin/media/upload.php script failing to restrict uploaded files with
> the extensions .htaccess, .php4, .php5 and .phtml. This may allow an
> attacker to execute arbitrary PHP code. A user account on the WebsiteBaker
> admin backend is required. An attacker could gain access to it by way of
> either brute force or CSRFing currently logged-in admin users.
> 
> 
> 4. VERSIONS AFFECTED
> 
> 2.8.1 <=
> 
> 
> 5. SOLUTION
> 
> Upgrade to 2.8.2 or higher
> 
> 
> 6. VENDOR
> 
> WebsiteBaker Org e. V.
> http://www.websitebaker2.org/
> 
> 
> 7. CREDIT
> 
> This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
> Ethical Hacker Group, Myanmar.
> 
> 
> 8. DISCLOSURE TIME-LINE
> 
> 2011-01-26: notified vendor
> 2011-08-01: vendor released fix
> 2011-08-13: vulnerability disclosed
> 
> 
> 9. REFERENCES
> 
> Original Advisory URL:
> http://yehg.net/lab/pr0js/advisories/[websitebaker-2.8.1]_arbitrary_file_upload
> http://www.gnucitizen.org/blog/cross-site-file-upload-attacks/
> 
> 
> #yehg [2011-08-13]
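
An added illustration of the class of flaw the quoted advisory describes; this is not code from the advisory, from WebsiteBaker or from the upload.php script it names. It puts a short extension blacklist of the kind that misses .php4, .php5, .phtml and .htaccess beside an allowlist check that rejects them. The function names and the sample file names are constructed for this example.

```php
<?php
// Added example, not WebsiteBaker code. The sample file names below are
// constructed test input, including the extensions named in the advisory.

// Weak approach: deny a short list of "dangerous" extensions and accept
// everything else. Alternative PHP handler extensions (.php4, .php5, .phtml)
// and .htaccess are not on the list, so they pass.
function blacklist_allows(string $filename): bool {
    $denied = ['php', 'exe', 'sh'];
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return !in_array($ext, $denied, true);
}

// Hardened approach: accept only a fixed set of non-executable extensions,
// compare case-insensitively, refuse path separators, dot-files (.htaccess)
// and double extensions (shell.php.jpg), and require exactly one extension.
function allowlist_allows(string $filename): bool {
    $allowed = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];
    $base = basename($filename);
    if ($base !== $filename) {               // contained a directory component
        return false;
    }
    if ($base === '' || $base[0] === '.') {  // empty name or hidden file such as .htaccess
        return false;
    }
    $parts = explode('.', $base);
    if (count($parts) !== 2 || $parts[0] === '') { // no extension or more than one
        return false;
    }
    return in_array(strtolower($parts[1]), $allowed, true);
}

// Constructed samples: one benign upload and the bypasses the blacklist misses.
$samples = ['logo.png', 'shell.php', 'shell.PHP', 'shell.php5',
            'shell.phtml', '.htaccess', 'shell.php.jpg', '../shell.jpg'];

foreach ($samples as $name) {
    printf("%-14s blacklist=%-5s allowlist=%s\n", $name,
        blacklist_allows($name) ? 'allow' : 'deny',
        allowlist_allows($name) ? 'allow' : 'deny');
}
```

Run with `php example.php`: the blacklist denies only shell.php and shell.PHP, while the allowlist accepts logo.png alone. The extension check is one layer; the upload directory should additionally be configured so the web server never executes scripts from it, which is exactly what an uploaded .htaccess can undo on Apache if dot-files are accepted.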
