Re: Vulnerabilities in Dunia Soccer

[Susan Bradley <sbradcpa () pacbell net>]

Timeline:
17.03.2010 - found vulnerabilities.
30.03.2010 - disclosed at my site.
31.03.2010 - informed developers.
-----------------------------

Pardon me, but you disclosed it at your site before you informed the 
developers? 

I don't even know what Dunia soccer is but how about you give vendors a 
chance to make good?

Is it a vendor site that has information or is this a informational 
forum/sale of soccer stuff site that has a buggy captcha that makes the 
server admin wonder what is chewing up the CPU and why spam is still 
making it to the site?

The vulnerability ...or rather the bug is in the captcha code, this is 
just a site using it, right?

But really, for this type of bug do you really need to be trying to 
"shame" someone into fixing it or just informing the site that there's a 
page that is sucking CPU cycles and able to bypass the captcha to post spam?

Why not give the admin of the site a chance?

MustLive wrote:
> Hello Bugtraq!
>
> I want to warn you about security vulnerabilities in system Dunia Soccer.
>
> -----------------------------
> Advisory: Vulnerabilities in Dunia Soccer
> -----------------------------
> URL: http://websecurity.com.ua/4083/
> -----------------------------
> Affected products: all versions of Dunia Soccer.
> -----------------------------
> Timeline:
> 17.03.2010 - found vulnerabilities.
> 30.03.2010 - disclosed at my site.
> 31.03.2010 - informed developers.
> -----------------------------
> Details:
>
> These are Insufficient Anti-automation and Denial of Service
> vulnerabilities.
>
> The vulnerabilities exist in captcha script CaptchaSecurityImages.php, 
> which
> is using in this system. I already reported about vulnerabilities in
> CaptchaSecurityImages (http://websecurity.com.ua/4043/).
>
> Insufficient Anti-automation:
>
> http://site/class/captcha/CaptchaSecurityImages.php?width=150&height=100&characters=2 
>
>
> Captcha bypass is possible as via half-automated or automated (with 
> using of
> OCR) methods, which were mentioned before 
> (http://websecurity.com.ua/4043/),
> as with using of session reusing with constant captcha bypass method
> (http://websecurity.com.ua/1551/), which was described in project 
> Month of
> Bugs in Captchas.
>
> DoS:
>
> http://site/class/captcha/CaptchaSecurityImages.php?width=1000&height=9000 
>
>
> With setting of large values of width and height it's possible to create
> large load at the server.
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua