Full Disclosure mailing list archives
New vulnerabilities in poMMo
From: "MustLive" <mustlive () websecurity com ua>
Date: Tue, 8 Nov 2011 01:05:02 +0200
Hello list!

I want to warn you about new security vulnerabilities in poMMo, in addition to the previous XSS, BF and IAA vulnerabilities. These are Information Leakage, Insufficient Anti-automation and Abuse of Functionality vulnerabilities.

-------------------------
Affected products:
-------------------------

Vulnerable are all versions of poMMo (poMMo Aardvark PR16.1 and previous versions).

----------
Details:
----------

Information Leakage (WASC-13):

After entering an e-mail at subscribe.php, the pending_code is shown (as debug information) at the page http://site/pommo/user/process.php. This allows passing registration confirmation and can be used for subscribing arbitrary e-mails.

Insufficient Anti-automation (WASC-21):

http://site/pommo/user/confirm.php?code=32456bdc42bf333c7cf842924aabeba8

Due to the lack of a captcha at this page, and taking into account Insufficient Anti-automation at subscribe.php and Information Leakage at process.php, it's possible to automate subscription of people to the mailing list.

Abuse of Functionality (WASC-42):

These vulnerabilities allow an e-mail (login) enumeration attack, given that only the login (without a password) is used for user authentication. They also allow using e-mails for spam purposes.

http://site/pommo/user/update.php?email=1 () 1 com

When an e-mail (which is the login) that isn't in the DB of subscribers is set, a redirect occurs, and if it's in the DB then a message about an incorrect code is shown.

http://site/pommo/user/activate.php?email=1 () 1 com

When an e-mail (which is the login) that isn't in the DB of subscribers is set, a redirect occurs, and if it's in the DB then a message is shown that a letter was sent to this e-mail.

------------
Timeline:
------------

2011.08.17 - announced at my site.
2011.08.17 - informed developers.
2011.11.04 - disclosed at my site.

I mentioned about these vulnerabilities at my site:

http://websecurity.com.ua/5322/

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
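
For operators of an affected install, a detection sketch for the enumeration and automated-confirmation behaviour described in the message above. This is an added example, not part of the original post and not poMMo code. It assumes a common/combined-format web access log and GET requests; the function names, the threshold and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Endpoints named in the advisory (matched by path suffix, since the install
# prefix varies) and the query parameter that changes on each attempt.
WATCHED = {
    "/user/update.php": "email",
    "/user/activate.php": "email",
    "/user/confirm.php": "code",
}
# Common/combined log format: client address, then the quoted request line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" \d{3}')

def find_enumeration(lines, threshold=5):
    """Return {(client, path): n} where one client sent n >= threshold
    distinct email/code values to a watched endpoint."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-matching line
        client, target = m.groups()
        parts = urlsplit(target)
        param = next((p for sfx, p in WATCHED.items()
                      if parts.path.endswith(sfx)), None)
        if param is None:
            continue
        # parse_qs percent-decodes; lower-casing keeps case variants of one
        # address from inflating the distinct count.
        for value in parse_qs(parts.query).get(param, []):
            seen[(client, parts.path)].add(value.strip().lower())
    return {k: len(v) for k, v in seen.items() if len(v) >= threshold}

def sample_log():
    """Constructed access-log lines (documentation addresses, not real data)."""
    ts = "[08/Nov/2011:01:05:02 +0200]"
    rows = [f'203.0.113.7 - - {ts} "GET /pommo/user/update.php'
            f'?email=user{i}%40example.com HTTP/1.1" 302 0' for i in range(6)]
    for addr in ("me%40example.org", "ME%40example.org"):  # one subscriber, twice
        rows.append(f'198.51.100.4 - - {ts} "GET /pommo/user/activate.php'
                    f'?email={addr} HTTP/1.1" 200 512')
    rows.append("truncated line without a request")
    return rows

if __name__ == "__main__":
    for (client, path), n in find_enumeration(sample_log()).items():
        print(f"{client} sent {n} distinct values to {path}")
```

The threshold is a tuning value; a legitimate subscriber normally touches these pages with a single address or code.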