what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

secunia-interact.txt

secunia-interact.txt
Posted Oct 31, 2008
Site secunia.com

Secunia Research has discovered two vulnerabilities in Interact, which can be exploited by malicious people to conduct cross-site request forgery and SQL injection attacks. Version 2.4.1 is affected.

tags | advisory, vulnerability, sql injection, csrf
advisories | CVE-2008-3867, CVE-2008-3868
SHA-256 | 0a344337ca58023d8bc7f45f6b29427586180f34f0c225d4308d31fb3505ee02

secunia-interact.txt

Change Mirror Download
====================================================================== 

Secunia Research 31/10/2008

- Interact SQL Injection and Cross-Site Request Forgery -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

======================================================================
1) Affected Software

* Interact 2.4.1

NOTE: Other versions may also be affected.

======================================================================
2) Severity

Rating: Moderately Critical
Impact: SQL Injection
Cross-Site Request Forgery
Where: Remote

======================================================================
3) Vendor's Description of Software

"A platform for the delivery and support of online learning. It
differs from many other elearning platforms in that its aim is to
concentrate on the social/interactive aspects of teaching and learning
rather than the delivery of content to students."

Product Link:
http://sourceforge.net/projects/cce-interact

======================================================================
4) Description of Vulnerability

Secunia Research has discovered two vulnerabilities in Interact, which
can be exploited by malicious people to conduct cross-site request
forgery and SQL injection attacks.

1) Input passed to the "email_user_key" parameter in
spaces/emailuser.php is not properly sanitised before being used in
SQL queries. This can be exploited to manipulate SQL queries by
injecting arbitrary SQL code.

Successful exploitation of this vulnerability allows e.g. retrieval of
super administrator usernames and password hashes, but requires
knowledge of the database table prefix.

2) The application allows users to perform certain actions via HTTP
requests without performing any validity checks to verify the request.
This can be exploited to e.g. add new super administrator users by
enticing a logged-in super administrator to visit a malicious web
page.

======================================================================
5) Solution

Apply the vendor's official patch for vulnerability #1:
http://sourceforge.net/tracker/index.php?func=detail&aid=2208205&
group_id=69681&atid=525406

Do not browse untrusted websites while logged in.

======================================================================
6) Time Table

24/10/2008 - Vendor notified.
28/10/2008 - Vendor response.
30/10/2008 - The vendor publishes a patch for vulnerability #1 and
states that he will wait with the CSRF fixes and won't
fix the product's CSRF issues completely.
31/10/2008 - Public disclosure.

======================================================================
7) Credits

Discovered by Secunia Research.

======================================================================
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2008-3867 (SQL injection) and CVE-2008-3868 (CSRF) for the
vulnerabilities.

======================================================================
9) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

======================================================================
10) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2008-44/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close