WeBid Bug Tracking

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0000286WeBid[All Projects] Generalpublic2011-06-22 14:262011-08-14 13:12
ReporterEgiX 
Assigned To 
Priority@0@SeverityminorReproducibilityhave not tried
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product Version1.0.2 
Target VersionFixed in Version1.0.3 
Summary0000286: Multiple Security Vulnerabilities
DescriptionHi, I'm EgiX.

I found some security vulnerabilities in WebId (I've tested only 1.0.2 version). I've tried to report this issues through "Contact Us" form, but I haven't received replies. So yesterday I've posted my issues to the http://sourceforge.net/apps/mantisbt/simpleauction/view.php?id=34" [^" title="]bugtrack">]bugtrack.

I think this are critical security flaws, so I decided not to publish exploits in the absence of a patch but a responsible disclosure to you.
TagsNo tags attached.
import_id288
Thread
Attached Files

- Relationships

-  Notes
(0000744)
EgiX (reporter)
2011-06-22 14:45
edited on: 1970-01-01 00:00

I noticed that http://www.autosectools.com/Advisory/WeBid-0.8.5P1-Local-File-Inclusion-63" [^" title="]this vulnerability ">]this vulnerability (found in 0.8.5P1 version) Isn't still patched, the vulnerable code is:
http://simpleauction.svn.sourceforge.net/viewvc/simpleauction/WeBid/trunk/includes/messages.inc.php?revision=296&view=markup#l18[/CODE] [^]

Input passed through $_GET['lan'] or $_COOKIE['USERLANGUAGE'] parameter is not properly sanitised before being used to include files on line 46. This can be exploited to include arbitrary local files.
(0000749)
renlok (administrator)
2011-06-22 22:08
edited on: 1970-01-01 00:00

Cheers for posting this ive posted fixed at http://www.webidsupport.com/forums/showthread.php?3892-Important-security-patches&p=19598#post19598[/url] [^] but when im on my computer ill upload a new package with all the fixes included

- Issue History
Date Modified Username Field Change
2015-04-01 13:17 renlok New Issue
2015-04-01 13:17 renlok import_id => 288
2015-04-01 13:17 renlok Date Submitted 2015-04-01 13:17 => 2011-06-22 14:26
2015-04-01 13:17 renlok Last Update 2015-04-01 13:17 => 2011-08-14 13:12


Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker