Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
security [2009/12/21 14:18] greg |
security [2010/04/07 18:12] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
===Security Vulnerabilities=== | ===Security Vulnerabilities=== | ||
- | ==2009:1210 >> | + | ==2010:0317 >> disabling Sahana security ACL via stream module == |
+ | |||
+ | Ability to completely disable authentication via stream.php and commented | ||
+ | out module authentication code within it. | ||
+ | |||
+ | http:// | ||
+ | http:// | ||
+ | |||
+ | The patch for this vulnerability disallow the streaming module from disabling the Sahana ACL. | ||
+ | |||
+ | Code Commits: | ||
+ | trunk >> http:// | ||
+ | rel_0_6 >> http:// | ||
+ | \\ | ||
+ | \\ | ||
+ | \\ | ||
+ | \\ | ||
+ | \\ | ||
+ | ==2009:1210 >> | ||
Cross site scripting can be achieved by modifying the URL in Sahana to inject foreign code into the page: | Cross site scripting can be achieved by modifying the URL in Sahana to inject foreign code into the page: | ||
Line 7: | Line 25: | ||
Phishing can be done through an IFrame also via URL modifications: | Phishing can be done through an IFrame also via URL modifications: | ||
- | http:// | + | http:// |
Link Injection can also be achieved: | Link Injection can also be achieved: | ||
- | http:// | + | http:// |
- | No patch has yet been created | + | The patch to this vulnerability cleanses the mod variable in lib_locale by making sure it meets the regular expression for a module' |
Code commits:\\ | Code commits:\\ | ||
- | rel_0_6 >> | + | rel_0_6 >> |
- | trunk >> | + | trunk >> |
- | + | \\ | |
- | + | \\ | |
+ | \\ | ||
+ | \\ | ||
+ | \\ | ||
==2009: | ==2009: | ||
Line 36: | Line 56: | ||
rel_0_6 >> http:// | rel_0_6 >> http:// | ||
trunk >> http:// | trunk >> http:// | ||
- | + | \\ | |
- | + | \\ | |
+ | \\ | ||
+ | \\ | ||
+ | \\ | ||
==2009: | ==2009: | ||
Line 53: | Line 75: | ||
rel_0_6 >> http:// | rel_0_6 >> http:// | ||
trunk >> http:// | trunk >> http:// | ||
- | + | \\ | |
+ | \\ | ||
+ | \\ | ||
+ | \\ | ||
+ | \\ | ||
==2009:1019 >> Null character URL Exploit== | ==2009:1019 >> Null character URL Exploit== | ||