Tugux CMS 1.2 Multiple Remote Vulnerabilities
Title: Tugux CMS 1.2 Multiple Remote Vulnerabilities
Advisory ID: ZSL-2011-5014
Type: Local/Remote
Impact: Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data, Cross-Site Scripting
Risk: (4/5)
Release Date: 22.05.2011
Apache 2.2.14 (Win32)
PHP 5.3.1
MySQL 5.1.41
[08.04.2011] Vendor contact.
[17.05.2011] Vendor replies asking more details.
[17.05.2011] Sent vendor report file, asking verification.
[20.05.2011] No response from vendor.
[21.05.2011] Sent another e-mail asking for any info.
[21.05.2011] No reply from vendor.
[22.05.2011] Public advisory released.
tugux_raw_02042011.txt
[2] http://packetstormsecurity.org/files/101604
[3] http://securityreason.com/wlb_show/WLB-2011050079
[4] http://secunia.com/advisories/44663/
[5] http://www.securityfocus.com/bid/47939
[6] http://xforce.iss.net/xforce/xfdb/67582
[7] http://xforce.iss.net/xforce/xfdb/67583
[8] http://xforce.iss.net/xforce/xfdb/67584
[9] http://osvdb.org/show/osvdb/72844
[10] http://osvdb.org/show/osvdb/72845
[11] http://osvdb.org/show/osvdb/72846
[12] http://osvdb.org/show/osvdb/72847
[23.05.2011] - Added reference [2], [3], [4] and [5]
[24.05.2011] - Added reference [6], [7] and [8]
[13.06.2011] - Added reference [9], [10], [11] and [12]
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2011-5014
Type: Local/Remote
Impact: Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data, Cross-Site Scripting
Risk: (4/5)
Release Date: 22.05.2011
Summary
Tugux CMS is a free, open-source content Management system (CMS) and application that powers the entire web.Description
The application suffers from multiple issues including: reflected and stored xss, sql Injection, local file inclusion, url redirection. Vulnerable parameters include: 'name', 'comment', 'nid', 'submit1', 'email', 'topic_id'.Vendor
Tugux Studios - http://www.tugux.comAffected Version
1.2Tested On
Microsoft Windows XP Professional SP3 (EN)Apache 2.2.14 (Win32)
PHP 5.3.1
MySQL 5.1.41
Vendor Status
[02.04.2011] Vulnerabilities discovered.[08.04.2011] Vendor contact.
[17.05.2011] Vendor replies asking more details.
[17.05.2011] Sent vendor report file, asking verification.
[20.05.2011] No response from vendor.
[21.05.2011] Sent another e-mail asking for any info.
[21.05.2011] No reply from vendor.
[22.05.2011] Public advisory released.
PoC
tugux_mv.txttugux_raw_02042011.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>References
[1] http://www.exploit-db.com/exploits/17312/[2] http://packetstormsecurity.org/files/101604
[3] http://securityreason.com/wlb_show/WLB-2011050079
[4] http://secunia.com/advisories/44663/
[5] http://www.securityfocus.com/bid/47939
[6] http://xforce.iss.net/xforce/xfdb/67582
[7] http://xforce.iss.net/xforce/xfdb/67583
[8] http://xforce.iss.net/xforce/xfdb/67584
[9] http://osvdb.org/show/osvdb/72844
[10] http://osvdb.org/show/osvdb/72845
[11] http://osvdb.org/show/osvdb/72846
[12] http://osvdb.org/show/osvdb/72847
Changelog
[22.05.2011] - Initial release[23.05.2011] - Added reference [2], [3], [4] and [5]
[24.05.2011] - Added reference [6], [7] and [8]
[13.06.2011] - Added reference [9], [10], [11] and [12]
Contact
Zero Science LabWeb: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
