咬定青山不放松,立根原在破岩中。千磨万击还坚劲,任尔东西南北风

© 竹意 | Powered by LOFTER

CVE-2015-2209 - DLGuard Full Path Disclosure (Info

来自:tetraph

CVE-2015-2209 - DLGuard Full Path Disclosure (Information Leakage) Web Security Vulnerabilities - tetraph - Tetraph  的博客

 


CVE-2015-2209 - DLGuard Full Path Disclosure (Information Leakage) Web Security Vulnerabilities




Exploit Title: DLGuard "/index.php?" "&c" parameter Full Path Disclosure Web Security Vulnerabilities

Product: DLGuard

Vendor: DLGuard

Vulnerable Versions: v4.5

Tested Version: v4.5

Advisory Publication: January 18, 2015

Latest Update: March 20, 2015

Vulnerability Type: Information Exposure [CWE-200]

CVE Reference: CVE-2015-2209

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type: Allows unauthorized disclosure of information

Credit: Wang Jing [School of Mathematical Sciences (001), University of Science and Technology of China (USTC)] (@justqdjing)







Recommendation Details:



(1) Vendor & Product Description:



Vendor:

DLGuard



Product & Version:

DLGuard

v4.5



Vendor URL & Download:

DLGuard can be obtained from here,

http://www.dlguard.com/dlginfo/index.php



Product Introduction Overview:

“DLGuard is a powerful, yet easy to use script that you simply upload to your website and then rest assured that your internet business is not only safe, but also much easier to manage, automating the tasks you just don't have the time for."



"DLGuard supports the three types, or methods, of sale on the internet:

<1>Single item sales (including bonus products!)

<2>Multiple item sales

<3>Membership websites"



"DLGuard is fully integrated with: PayPal, ClickBank, 2Checkout, Authorize.Net, WorldPay, AlertPay, Ebay, PayDotCom, E-Gold, 1ShoppingCart, Click2Sell, Mal's E-Commerce, LinkPoint, PagSeguro, CCBill, CommerseGate, DigiResults, FastSpring, JVZoo, MultiSafePay, Paypal Digital Goods, Plimus, RevenueWire/SafeCart, SWReg, WSO Pro, and even tracks your free product downloads. The DLGuard built-in Shopping Cart offers Paypal, Authorize.net, and 2Checkout payment options. The Membership areas allow Paypal, Clickbank, 2Checkout, and LinkPoint recurring billing as well as linking to any PayPal, ClickBank, 2Checkout, Authorize.Net, WorldPay, AlertPay, Ebay, PayDotCom, E-Gold, 1ShoppingCart, E-Bullion, LinkPoint, PagSeguro, CCBill, CommerseGate, DigiResults, FastSpring, JVZoo, MultiSafePay, Paypal Digital Goods, Plimus, RevenueWire/SafeCart, SWReg, WSO Pro single sale and free products so that people who buy your products can access your members area. DLGuard is the perfect solution to secure your single sale item, such as a niche marketing website, software sales, ebook sales, and more! DLGuard not only protects your download page, but it makes setting up new products, or making changes to existing products so much quicker and easier than before."






(2) Vulnerability Details:

DLGuard web application has a computer security bug problem. It can be exploited by information leakage attacks - Full Path Disclosure (FPD). This may allow a remote attacker to disclose the software's installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.


Several similar products vulnerabilities have been found by some other bug hunter researchers before. DLguard has patched some of them. NVD is the U.S. government repository of standards based vulnerability management data (This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA)). It has published suggestions, advisories, solutions related to important vulnerabilities.


(2.1) The first bug flaw occurs at "&c" parameter in “index.php?” page.








References:

http://seclists.org/fulldisclosure/2015/Feb/67

https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01702.html

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1606

http://lists.openwall.net/full-disclosure/2015/02/18/5

https://www.bugscan.net/#!/x/21288

http://packetstormsecurity.com/files/authors/11270

http://www.tetraph.com/blog/information-leakage-vulnerability/cve-2015-2209-dlguard-full-path-disclosure/

http://static-173-79-223-25.washdc.fios.verizon.net/?a=139222176300014&r=2&w=2

https://www.facebook.com/permalink.php?story_fbid=831917900176921&id=767438873291491

http://ithut.tumblr.com/post/118694258318/cve-2015-2209-dlguard-full-path-disclosure

https://computertechhut.wordpress.com/2015/05/11/cve-2015-2209-dlguard-full-path-disclosure-information-leakage-web-security-vulnerabilities/

http://russiapost.blogspot.ru/2015/05/cve-2015-2209-dlguard-full-path.html

https://plus.google.com/100242269120759811496/posts/fTMm4nvGvjx

http://tetraph.blog.163.com/blog/static/234603051201541193034183/

http://www.weibo.com/5337321538/ChnJKf55t?

http://itprompt.blogspot.com/2015/05/cve-2015-2209-dlguard-full-path.html

http://webtech.lofter.com/post/1cd3e0d3_6ed0fdc

https://twitter.com/buttercarrot/status/597757492098048000



 
评论
 
回到顶部