Author Topic: vulns  (Read 6602 times)

anon

  • Guest

Offline Ryan

  • Posts: 2048
  • Gender: Male
    • My Homepage
Re: vulns
« Reply #1 on: July 30, 2005, 02:18:43 AM »
Hmm, it is sad that these links don't really explain any problems.
Could anyone help diagnose the problem - it is a little to little info for me.
I am guessing these two things have to do with the code module and the media section.
Website Baker Project Founder
https://WebsiteBaker.org

To contact me via email, visit:
www.ryandjurovich.c om

Offline hudge

  • Posts: 174
    • http://www.hudge.com
Re: vulns
« Reply #2 on: July 30, 2005, 02:27:18 AM »
Well I am glad to see that people are getting involved and spreading the word. Too bad they would not post a screename. These features are understood by the administrator. IE if you allow someone to access your site, they can do bad things. Yes limits can be put on and will most likely be there in version 3.

Overall this software is GREAT! Spend some time and see for yourself.
: Member of the Baker's Dozen :
Baking at 350˚ for 2 hours now...

Offline Ryan

  • Posts: 2048
  • Gender: Male
    • My Homepage
Re: vulns
« Reply #3 on: July 30, 2005, 04:15:24 AM »
What I want to know is if these "Vulnerabilities" can be used for people  that do not have an account (i.e. can anyone just go to your website and do the reported things [which i am yet to figure out are]), or do you have to login to the Administration to do these things - if so then it can easily be limited using correct permissions).
Website Baker Project Founder
https://WebsiteBaker.org

To contact me via email, visit:
www.ryandjurovich.c om

KenZo

  • Guest
Re: vulns
« Reply #4 on: July 31, 2005, 07:09:13 PM »
Remote: Yes (via web dus)
Local: No (locale server)

(nl: duidelijk)

tgo

  • Guest
Re: vulns
« Reply #5 on: August 01, 2005, 06:51:41 PM »
I thought I put my details in the post I did when I showed these vulns but I guess not. About the vulns: The cross site scripting one can be done by anyone with access to browse.php. The file upload one is way more dangerous because whoever has access can upload any file type they want such as php and then have php files on the server.  I dont remember exactly if this product had a file that was included for a conenction to the database, but most do, and so with this php file someone uploaded they could include the connection file and then run any query they wanted on the database.

feel free to email me if you want i put my addy in the post

tgo

  • Guest
Re: vulns
« Reply #6 on: August 01, 2005, 06:56:06 PM »
if you want more details check my original post at

http://bluelightningblade.com/papers/wb.txt

Offline Ryan

  • Posts: 2048
  • Gender: Male
    • My Homepage
Re: vulns
« Reply #7 on: August 06, 2005, 07:34:07 AM »
These "security vulerabilities" make things seem much worse than they really are.
These are not really security holes - it is just the way the features work.

If you don't set things up right, you can leave things dangerously vulnerable.
It is like any computer - if you just plug it in "as is", without configuring user accounts and groups with proper permissions, anyone can do anything to a system (well, for Windows this is the case).
However, if configured correctly, only trusted people can do serious things.

Although it is not really a security hole, there are measures that can be taken to prevent these problems, such as disabling certain file-extensions for media.
These features will most likely be added in 2.5.3 (or 2.6.0), just to make things more flexible.
 8-)
« Last Edit: August 06, 2005, 07:35:41 AM by Ryan »
Website Baker Project Founder
https://WebsiteBaker.org

To contact me via email, visit:
www.ryandjurovich.c om

Offline Ryan

  • Posts: 2048
  • Gender: Male
    • My Homepage
Re: vulns
« Reply #8 on: August 18, 2005, 10:24:27 AM »
A forum member contacted me regarding the "vulnerabilities", here are the solutions I provided him with until I release another WB2:
- If you are on a shared host, make sure that the PHP error reporting level is set to 0 (found in config file). This way, paths should not be disclosed.
- If you cannot trust your users, a quick fix on an Apache server: you could put a .htaccess file under the media folder that blocks execution of certain file extensions.
By taking these two measure, the two security vulnerabilities become irrelavent.
 8-)
Website Baker Project Founder
https://WebsiteBaker.org

To contact me via email, visit:
www.ryandjurovich.c om

Offline Ryan

  • Posts: 2048
  • Gender: Male
    • My Homepage
Re: vulns
« Reply #9 on: September 08, 2005, 11:05:41 AM »
Just letting you all know that all the known "security vulnerabilities" will be fixed/have been fixed for 2.6.0 (to be released shortly - see here), not that they were that serious anyways :-D
Website Baker Project Founder
https://WebsiteBaker.org

To contact me via email, visit:
www.ryandjurovich.c om

fjord

  • Guest
Re: vulns
« Reply #10 on: July 19, 2006, 12:01:19 PM »
Hello!

Some of you authorities should update the Secunia database, the current status is unresolved. Then WebsiteBaker will get a top ranking on this vulnerability portal.

Check out this excellent status report: http://secunia.com/product/5455/

Thanks for keeping security focus!

Fjord