Spin-off sites Critical security issues are not patched yet.
Published on 03/29/07 at 00:36:12 by On
Three weeks have passed since the WebAPP spin-off sites were informed of critical security issues and shown them in situ. These issues are still not patched.

Monty53, a white hat hacker from Turkey, reported in our security forums that it was, and still is, only the spin-off site versions that can be defaced with this issue. In the meantime, several security sites affirmed today that the WebAPP spin-off versions (that is, WebAPP scripts NOT downloaded from here at web-app.net) are vulnerable to complex multiple unspecified vulnerabilities with unknown impact and attack vectors.

These vulnerabilities allow remote attackers to obtain admin access by modifying cookies and performing certain consecutive actions, due to a cross-site request forgery (CSRF) vulnerability.

The discussion of the issue at the vendor site further clarifies that there is no patch made for the issue yet:


(Out of concern for the hacked site, the site address is blurred.)

I had a chat earlier today with the hacker who discovered this exploit, Monty53 (a white hat hacker from Turkey). He said that the issues are related to XSS and cookie exploits and are very complex and not simple to fix. However, he also said that none of the original releases made by the official WebAPP website ( http://www.web-app.net... ) are vulnerable to these issues, while all releases made by the spin-off site since its first release are vulnerable to these issues; this includes all versions from 0.9.9.4 to 0.9.6.6, patched or not patched.

I would like to advise all of you again to avoid using WebAPP spin-off versions and to always download your original script here.

Comments on this article:

1. The Blind Leading The Blind Written on 03/29/07 at 04:01:04 by Ted

2. re: The Blind Leading The Blind Written on 03/29/07 at 06:31:55 by On




