Recent Curesec Publications

FUDforum 3.0.6: Multiple Persistent XSS & Login CSRF
2016 Nov 10

FUDforum is forum software written in PHP. In version 3.0.6, it is vulnerable to multiple persistent XSS issues. This allows an attacker to steal cookies, inject JavaScript keyloggers, or bypass CSRF protection. Additionally, FUDforum is vulnerable to Login-CSRF.  

Jaws 1.1.1: Object Injection, Open Redirect, Cookie Flags
2016 Nov 10

Jaws is a content management system written in PHP. In version 1.1.1, it is vulnerable to various low to medium impact issues. It contains an Object Injection, which does not seem to be currently exploitable without custom changes made by users; its session cookies are not set to httpOnly, which may make it easier to exploit XSS issues; and it contains an Open Redirect issue.  

FUDforum 3.0.6: LFI
2016 Nov 10

FUDforum is forum software written in PHP. In version 3.0.6, it is vulnerable to local file inclusion. This allows an attacker to read arbitrary files that the web server user has access to. Admin credentials are required.

Security Implications of GET/POST Interchangeability
2016 Nov 03

This article will provide a short overview of the security implications of treating POST and GET requests interchangeably, thus allowing a POST to GET downgrade. It will conclude with possible solutions.  

Peel Shopping 8.0.2: Object Injection
2016 Sep 15

Peel Shopping is ecommerce software written in PHP. In version 8.0.2, it is vulnerable to Object Injection. Peel Shopping stores a PHP object in a cookie, which is then unserialized when received by the application. An attacker can send arbitrary PHP objects, and thus has limited influence on the control flow of the application. This can, for example, lead to DoS attacks by creating an infinite loop.

Kajona 4.7: XSS & Directory Traversal
2016 Sep 15

Kajona is an open source CMS written in PHP. In version 4.7, it is vulnerable to multiple XSS attacks and limited directory traversal. The XSS vulnerabilities are reflected as well as persistent, and can lead to the stealing of cookies, injection of keyloggers, or the bypassing of CSRF protection. The directory traversal issue reveals which files exist on a system, and thus allows an attacker to gather information about that system.

MyBB 1.8.6: CSRF, Weak Hashing, Plaintext Passwords
2016 Sep 15

MyBB 1.8.6 is vulnerable to login CSRF. Additionally, it stores passwords using weak hashing, and sends passwords via email in plaintext.  

MyBB 1.8.6: XSS
2016 Sep 15

MyBB is forum software written in PHP. In version 1.8.6, it contains various XSS vulnerabilities, some of which are reflected and some of which are persistent. Some of them depend on custom forum or server settings. These issues may lead to the injection of JavaScript keyloggers, injection of content such as ads, or the bypassing of CSRF protection, which would for example allow the creation of a new admin user.   

MyBB 1.8.6: SQL Injection
2016 Sep 15

MyBB is forum software written in PHP. In version 1.8.6, it is vulnerable to a second-order SQL injection by an authenticated admin user, allowing the extraction of data from the database.

MyBB 1.8.6: Improper validation of data passed to eval
2016 Sep 15

MyBB is forum software written in PHP. In version 1.8.6, it improperly validates templates that are passed to eval, allowing for the disclosure of the database password. If the database is remotely writable, it may also lead to code execution. An admin account is required.