
CMSLogik 1.2.1 (user param) User Enumeration Weakness

Severity: Low
Advisory ID: ZSL-2013-5137
Release Date: 14 April 2013
Affected Version: 1.2.1 and 1.2.0
CVE: N/A
Tested On: Router Webserver
Summary

CMSLogik is built on a solid and lightweight framework called CodeIgniter, with a design powered by Bootstrap. This combination allows for greater security, extensive flexibility, and ease of use. You can use CMSLogik for almost any niche that your project might fall into.

Description

The weakness is caused by the 'unique_username_ajax' script, which discloses the list of valid usernames matching the characters supplied via the 'user' parameter, allowing valid account names to be enumerated.
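The following is an added example, not code from CMSLogik or from this advisory's author. It contrasts the pattern the description refers to (a username-availability handler that returns the account names matching a partial 'user' value) with a hardened handler that only answers whether an exact name is taken, and adds a log check that flags clients walking such an endpoint with many distinct short values. The user table, the handler names, the request shape and the access-log lines are all constructed for this example.

```python
# Added example, not code from CMSLogik or Zero Science Lab: contrasts a
# username-availability handler that discloses matching account names with
# one that only answers whether an exact name is taken, and shows a log
# check for probing of such an endpoint. The user table, the request
# shape and the log lines are all constructed for this example.

from collections import defaultdict
from urllib.parse import parse_qs, urlparse

# Constructed sample user table standing in for the CMS database.
USERS = {"admin", "alice", "alicia", "bob", "editor"}

MIN_QUERY_LENGTH = 3


def unique_username_weak(user: str) -> dict:
    """Weak pattern (the behaviour the advisory describes): given a partial
    'user' value, return every existing username matching it. A client can
    walk the name space character by character and recover every account."""
    matches = sorted(u for u in USERS if u.startswith(user))
    return {"unique": not matches, "matches": matches}


def unique_username_hardened(user: str) -> dict:
    """Hardened pattern: answer only whether the exact name is free, refuse
    very short inputs and never echo stored names, so the only bit disclosed
    is the one the registration form genuinely needs."""
    candidate = user.strip().lower()
    if len(candidate) < MIN_QUERY_LENGTH:
        return {"ok": False, "error": "username too short"}
    # Exact comparison only: prefix or wildcard matching is what turns a
    # uniqueness check into an enumeration oracle.
    return {"ok": True, "unique": candidate not in USERS}


def names_recoverable(check, alphabet: str = "abcdefghijklmnopqrstuvwxyz") -> set:
    """Regression check for a handler: which stored names does it reveal when
    probed with single characters? An empty set means no disclosure."""
    recovered = set()
    for ch in alphabet:
        recovered.update(check(ch).get("matches", []))
    return recovered


# Constructed access-log lines (combined format, trimmed) for the detection check.
ACCESS_LOG = """\
203.0.113.7 - - [14/Apr/2013:10:00:01 +0000] "GET /unique_username_ajax?user=a HTTP/1.1" 200 61
203.0.113.7 - - [14/Apr/2013:10:00:02 +0000] "GET /unique_username_ajax?user=b HTTP/1.1" 200 23
203.0.113.7 - - [14/Apr/2013:10:00:03 +0000] "GET /unique_username_ajax?user=c HTTP/1.1" 200 12
203.0.113.7 - - [14/Apr/2013:10:00:04 +0000] "GET /unique_username_ajax?user=e HTTP/1.1" 200 31
198.51.100.2 - - [14/Apr/2013:10:05:00 +0000] "GET /unique_username_ajax?user=newuser HTTP/1.1" 200 12
"""


def probing_clients(log_text: str, threshold: int = 3) -> dict:
    """Flag clients that query the username check with many distinct short
    'user' values: the signature of walking the name space rather than
    checking a name someone actually typed. Returns {ip: distinct_short_values}."""
    short_values = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        # parts[6] is the request path in the combined log format used above.
        if len(parts) < 7 or "unique_username_ajax" not in parts[6]:
            continue
        ip, path = parts[0], parts[6]
        user = parse_qs(urlparse(path).query).get("user", [""])[0]
        if len(user) < MIN_QUERY_LENGTH:
            short_values[ip].add(user)
    return {ip: len(v) for ip, v in short_values.items() if len(v) >= threshold}


if __name__ == "__main__":
    print("weak handler reveals:", sorted(names_recoverable(unique_username_weak)))
    print("hardened handler reveals:", sorted(names_recoverable(unique_username_hardened)))
    print("clients probing the endpoint:", probing_clients(ACCESS_LOG))
```

Running the module shows the weak handler giving up the whole constructed user table to 26 single-character probes while the hardened one discloses nothing, and the log check singling out the client that issued four distinct one-character queries. The hardened handler also accepts only an exact, normalised name; a minimum length and a per-client rate limit on the endpoint are the usual complements.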

Proof of Concept

Disclosure Timeline

05.04.2013 Vulnerability discovered.
05.04.2013 Contact with the vendor.
05.04.2013 Vendor replies asking for more details.
05.04.2013 Sent detailed information to the vendor.
08.04.2013 Vendor confirms the issues, promising a patch.
14.04.2013 Public security advisory released.

Credits

Vulnerability discovered by Gjoko Krstic

References

Changelog

14.04.2013 Initial release
15.04.2013 Added references [1] and [2]
16.04.2013 Added references [3] and [4]
19.04.2013 Added reference [5]