SECURITYVULNS:DOC:29318
May 06, 2013

Vulnerabilities in AI-Bolit


Hello 3APA3A!

These are Brute Force and Information Leakage vulnerabilities in AI-Bolit. This is a security web application.


Affected products:

All versions of AI-Bolit are vulnerable.

In version 20121014 the filename format was changed (by adding the date and time), which is not enough to protect against guessing, as I stated to the developer. He promised to fix these vulnerabilities. After my recommendations, in version 20130201 the developer added protection against Information Leakage (forbade indexing of reports by search engines and added a random number to the filename). But the software is still vulnerable to Brute Force.


Details:

Brute Force (WASC-11):

http://site/ai-bolit.php?p=1

Information Leakage (WASC-13):

http://site/AI-BOLIT-REPORT.html

http://site/AI-BOLIT-REPORT-<date>-<time>.html (since version 20121014)

Leakage of reports with stats and FPD. These reports are also indexed by search engines. If a report mentions backdoors on the site, then anyone who gets access to the report can learn about the backdoors and use them to hack the web site.


Timeline:

2013.01.22 - announced on my site.
2013.01.22 - informed the developer about the vulnerabilities.
2013.02.01 - the developer released a new version with protection against Information Leakage.
2013.04.13 - disclosed on my site (http://websecurity.com.ua/6271/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
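
Both issues described in the Details section leave traces in web server access logs. The following is an added example, not part of the original advisory or of AI-Bolit: it flags clients that try many values of the `p` parameter on `ai-bolit.php` and separates report files that were actually served from failed filename probes. The log lines, the report filename placeholder, the threshold of 5 and the function name `analyze` are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access log (combined format, documentation IP ranges).
# The DATE-TIME part of the report filename is a placeholder, not the real format.
SAMPLE_LOG = "\n".join(
    ['198.51.100.7 - - [06/May/2013:10:00:%02d +0000] '
     '"GET /ai-bolit.php?p=guess%d HTTP/1.1" 200 310 "-" "-"' % (i, i)
     for i in range(6)] + [
    '203.0.113.9 - - [06/May/2013:10:05:00 +0000] "GET /ai-bolit.php?p=owner-pass HTTP/1.1" 200 9120 "-" "-"',
    '198.51.100.7 - - [06/May/2013:10:06:00 +0000] "GET /AI-BOLIT-REPORT.html HTTP/1.1" 404 210 "-" "-"',
    '192.0.2.44 - - [06/May/2013:10:07:00 +0000] "GET /AI-BOLIT-REPORT-DATE-TIME.html HTTP/1.1" 200 48211 "-" "-"',
    '192.0.2.44 - - [06/May/2013:10:08:00 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "-"',
])

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3}) ')
REPORT_RE = re.compile(r"AI-BOLIT-REPORT.*\.html", re.IGNORECASE)

def analyze(log_text, guess_threshold=5):
    """Return (brute_force, exposed_reports, report_probes) found in an access log."""
    guesses, exposed, probes = {}, [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        url = urlsplit(target)
        name = url.path.rsplit("/", 1)[-1]
        if name.lower() == "ai-bolit.php":
            # Count distinct values of the p parameter tried by each client.
            for value in parse_qs(url.query, keep_blank_values=True).get("p", []):
                guesses.setdefault(client, set()).add(value)
        elif REPORT_RE.fullmatch(name):
            # A 200 means a report was actually served; anything else is a probe.
            (exposed if status == 200 else probes).append((client, url.path))
    brute_force = {c: len(v) for c, v in guesses.items() if len(v) >= guess_threshold}
    return brute_force, exposed, probes

if __name__ == "__main__":
    brute_force, exposed, probes = analyze(SAMPLE_LOG)
    print("clients trying many p values:", brute_force)
    print("reports served:", exposed)
    print("report filename probes:", probes)
```

Any entry under "reports served" means a report was reachable from the web and should be removed from the document root or placed behind access control.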