e107 2.1.2: SQL Injection through Object Injection

23 Dec 2016 by Hendrik Buchwald

e107

The 23rd gift in our advent calendar presents security issues in e107, a content management system that is in development since 2013. Among others, we identified a critical issue that allows any user to update his permissions and to extract sensitive information from the database by exploiting a PHP object injection vulnerability.

Read More ...

AbanteCart 1.2.8 - Multiple SQL Injections

21 Dec 2016 by Martin Bednorz

AbanteCart

In our 21st advent calendar gift, we cover AbanteCart, a very popular e-commerce solution that just turned 5 years old last month. RIPS found multiple SQL injections, PHP object injections, and the complementary cross-site scriptings so that the more severe vulnerabilities can be exploited. Interestingly, the AbanteCart website was defaced just moments before we send out our analysis report to the development team.

Read More ...

OpenConf 5.30 - Multi-Step Remote Command Execution

17 Dec 2016 by Johannes Dahse

OpenConf

Today, we present a multi-step command execution vulnerability in the popular conference management software OpenConf. The vulnerability was reported and fixed a while ago, but the chain of 4 exploitation steps involved makes it a very interesting vulnerability sample for our advent calendar. 4 - 3 - 2 - 1 …

Read More ...

Redaxo 5.2.0: Remote Code Execution via CSRF

16 Dec 2016 by Robin Peraglie

Redaxo CMS

Redaxo 5.2.0 is the latest release of a simple content management system that is mostly used in Germany. Today we are going to present our scan results for Redaxo and explain how completely omitting anti-CSRF measures can have a significant security impact.

Read More ...

Guest Post: Vtiger 6.5.0 - SQL Injection

15 Dec 2016 by Dennis Detering

Vtiger

The Vtiger CRM is an open source Customer Relationship Management software developed by Vtiger. With more than 4.5 million downloads on SourceForge it enjoys great popularity. Some weeks ago, I had the chance to play with RIPS and test its features - and was invited as guest author to write this post. As I did some manual research of the Vtiger CRM before and already found several vulnerabilities, I decided to use it for my first experiments with RIPS.

Read More ...