CVE-2015-2209 – DLGuard Full Path Disclosure (Information Leakage) Web Security Vulnerabilities




Exploit Title: DLGuard “/index.php?” “&c” parameter Full Path Disclosure Web Security Vulnerabilities

Product: DLGuard

Vendor: DLGuard

Vulnerable Versions: v4.5

Tested Version: v4.5

Advisory Publication: January 18, 2015

Latest Update: March 20, 2015

Vulnerability Type: Information Exposure [CWE-200]

CVE Reference: CVE-2015-2209

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Impact Subscore: 2.9

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type: Allows unauthorized disclosure of information

Credit: Wang Jing [School of Mathematical Sciences (001), University of Science and Technology of China (USTC)] (@justqdjing)

 
 
 
 

Advisory Details:

 

(1) Vendor & Product Description:

 

Vendor:

DLGuard

 

Product & Version:

DLGuard

v4.5

 

Vendor URL & Download:

DLGuard can be obtained from here,

http://www.dlguard.com/dlginfo/index.php

 

Product Introduction Overview:

“DLGuard is a powerful, yet easy to use script that you simply upload to your website and then rest assured that your internet business is not only safe, but also much easier to manage, automating the tasks you just don’t have the time for.”

 

“DLGuard supports the three types, or methods, of sale on the internet:

Single item sales (including bonus products!)

Multiple item sales

Membership websites”

 

“DLGuard is fully integrated with: PayPal, ClickBank, 2Checkout, Authorize.Net, WorldPay, AlertPay, Ebay, PayDotCom, E-Gold, 1ShoppingCart, Click2Sell, Mal’s E-Commerce, LinkPoint, PagSeguro, CCBill, CommerseGate, DigiResults, FastSpring, JVZoo, MultiSafePay, Paypal Digital Goods, Plimus, RevenueWire/SafeCart, SWReg, WSO Pro, and even tracks your free product downloads. The DLGuard built-in Shopping Cart offers Paypal, Authorize.net, and 2Checkout payment options. The Membership areas allow Paypal, Clickbank, 2Checkout, and LinkPoint recurring billing as well as linking to any PayPal, ClickBank, 2Checkout, Authorize.Net, WorldPay, AlertPay, Ebay, PayDotCom, E-Gold, 1ShoppingCart, E-Bullion, LinkPoint, PagSeguro, CCBill, CommerseGate, DigiResults, FastSpring, JVZoo, MultiSafePay, Paypal Digital Goods, Plimus, RevenueWire/SafeCart, SWReg, WSO Pro single sale and free products so that people who buy your products can access your members area. DLGuard is the perfect solution to secure your single sale item, such as a niche marketing website, software sales, ebook sales, and more! DLGuard not only protects your download page, but it makes setting up new products, or making changes to existing products so much quicker and easier than before.”

 

(2) Vulnerability Details:

The DLGuard web application has an information leakage vulnerability: Full Path Disclosure (FPD). This may allow a remote attacker to learn the software’s installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

Several similar vulnerabilities in the product have been found by other researchers before, and DLGuard has patched some of them. NVD is the U.S. government repository of standards-based vulnerability management data; this data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA). It has published suggestions, advisories, and solutions related to important vulnerabilities.


(2.1) The first flaw occurs in the “&c” parameter of the “index.php?” page.
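A defender-side check for this class of leak, as an added example that is not part of the original advisory or of DLGuard's code: it scans response bodies for absolute server paths and can scrub them before a page is served. The advisory does not say how the path is exposed, so the example assumes it appears as PHP error text; the host names, paths and response bodies are constructed.

```python
import re
from typing import NamedTuple

# PHP error text as rendered with display_errors on, with or without
# html_errors markup. Assumption: the leak takes this form.
PHP_ERROR = re.compile(
    r"(?P<level>Fatal error|Parse error|Warning|Notice|Deprecated)(?:</b>)?:\s+"
    r"(?P<msg>.*?)\s+in\s+(?:<b>)?(?P<path>(?:/|[A-Za-z]:\\)[^<\s]+)(?:</b>)?"
    r"\s+on line\s+(?:<b>)?(?P<line>\d+)",
    re.S,
)

class Leak(NamedTuple):
    url: str
    level: str
    path: str
    line: int

def find_leaks(url: str, body: str) -> list[Leak]:
    """Return every absolute server path exposed by PHP error text in body."""
    return [Leak(url, m["level"], m["path"], int(m["line"]))
            for m in PHP_ERROR.finditer(body)]

def redact(body: str) -> str:
    """Blank out the path in each error message, keeping the rest of the page."""
    return PHP_ERROR.sub(
        lambda m: m.group(0).replace(m["path"], "[path removed]"), body)

def audit(responses: dict[str, str]) -> list[Leak]:
    """Scan a mapping of URL -> response body and collect all leaks."""
    return [leak for url, body in responses.items()
            for leak in find_leaks(url, body)]

# Constructed sample responses (hypothetical hosts and paths, not DLGuard output).
SAMPLES = {
    "https://shop.example.test/index.php":
        "<br />\n<b>Warning</b>:  Division by zero in "
        "<b>/home/example/public_html/dlg/index.php</b> on line <b>42</b><br />",
    "https://win.example.test/index.php":
        r"Notice: Undefined index: c in C:\inetpub\wwwroot\dlg\index.php on line 7",
    "https://shop.example.test/about.php":
        '<html><a href="/dlg/index.php">Home</a></html>',
}

if __name__ == "__main__":
    for leak in audit(SAMPLES):
        print(leak)
```

Under the same assumption, the fix on the PHP side is `display_errors = Off` with `log_errors = On`, so the message goes to the server log instead of the response.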

 

 


 

 

CVE-2015-2066 – DLGuard SQL Injection Web Security Vulnerabilities


Exploit Title: CVE-2015-2066 DLGuard /index.php c parameter SQL Injection Web Security Vulnerabilities

Product: DLGuard

Vendor: DLGuard

Vulnerable Versions: v4.5

Tested Version: v4.5

Advisory Publication: February 18, 2015

Latest Update: May 01, 2015

Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) [CWE-89]

CVE Reference: CVE-2015-2066

CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

Writer and Reporter: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)






Advisory Details:

(1) Vendor & Product Description:

Vendor:

DLGuard

Product & Version:

DLGuard

v4.5

Vendor URL & Download:

DLGuard can be downloaded from here,

http://www.dlguard.com/dlginfo/index.php

Product Introduction Overview:

“DLGuard is a powerful, yet easy to use script that you simply upload to your website and then rest assured that your internet business is not only safe, but also much easier to manage, automating the tasks you just don’t have the time for.”

“DLGuard supports the three types, or methods, of sale on the internet:

<1>Single item sales (including bonus products!)

<2>Multiple item sales

<3>Membership websites”

“DLGuard is fully integrated with: PayPal, ClickBank, 2Checkout, Authorize.Net, WorldPay, AlertPay, Ebay, PayDotCom, E-Gold, 1ShoppingCart, Click2Sell, Mal’s E-Commerce, LinkPoint, PagSeguro, CCBill, CommerseGate, DigiResults, FastSpring, JVZoo, MultiSafePay, Paypal Digital Goods, Plimus, RevenueWire/SafeCart, SWReg, WSO Pro, and even tracks your free product downloads. The DLGuard built-in Shopping Cart offers Paypal, Authorize.net, and 2Checkout payment options. The Membership areas allow Paypal, Clickbank, 2Checkout, and LinkPoint recurring billing as well as linking to any PayPal, ClickBank, 2Checkout, Authorize.Net, WorldPay, AlertPay, Ebay, PayDotCom, E-Gold, 1ShoppingCart, E-Bullion, LinkPoint, PagSeguro, CCBill, CommerseGate, DigiResults, FastSpring, JVZoo, MultiSafePay, Paypal Digital Goods, Plimus, RevenueWire/SafeCart, SWReg, WSO Pro single sale and free products so that people who buy your products can access your members area. DLGuard is the perfect solution to secure your single sale item, such as a niche marketing website, software sales, ebook sales, and more! DLGuard not only protects your download page, but it makes setting up new products, or making changes to existing products so much quicker and easier than before.”


(2) Vulnerability Details:

The DLGuard web application has a SQL injection vulnerability. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

Several similar vulnerabilities in the product have been found by other researchers before, and DLGuard has patched some of them. The MITRE Corporation is a not-for-profit company that operates multiple federally funded research and development centers (FFRDCs), which provide innovative, practical solutions for some of our nation’s most critical challenges in defense and intelligence, aviation, civil systems, homeland security, the judiciary, healthcare, and cybersecurity. It publishes phase, votes, comments and proposed details related to important vulnerabilities.

(2.1) The flaw occurs in the “&c” parameter of the “index.php?” page.

 
 
 
 


 

 

 

 

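Over 99.88% of About Group Links Are Vulnerable to XSS and XFS Attacks

The About Group website has a serious network security problem: it is vulnerable to XSS (Cross-Site Scripting) and XFS (Cross-Frame Scripting). This is disastrous and devastating for its nearly 1 billion monthly visitors.

According to the proof-of-concept (POC) video published by the vulnerability researcher, all About.com topics (subdomains) can be exploited by attackers.

Wang Jing, of the Department of Mathematics (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore, published this serious security vulnerability. Wang Jing states that he reported it to About Group on October 19, 2014, but has not received a reply so far. The vulnerability was published on February 2, 2015. “Up to now, the vulnerability has still not been fixed,” Wang Jing said.

Meanwhile, Wang Jing disclosed that the search field on the About.com home page is also vulnerable to XSS attacks. In addition, he published several Open Redirect vulnerabilities in About.com. Wang said his tests were performed on IE (10.0.9200.16750) and Mozilla Firefox (34.0) on Windows 8, Google Chromium 39.0.2171.65-0 on Ubuntu (14.04), and Apple Safari 6.1.6 on Mac OS X Lion 10.7.

XSS (Cross-site Scripting) can be used to steal user information, control the user's browser, and carry out DOS (Denial of Service) attacks. XFS (Cross-frame Scripting), also called iFrame Injection, can modify the page content shown in the user's browser.

When publishing the vulnerabilities, Wang Jing also explained that, because About Group is so widely used, its vulnerabilities can be used to carry out Covert Redirect attacks against other websites; XFS can be used for DDOS (Distributed Denial of Service) attacks against computers and networks. These vulnerabilities were published on the well-known vulnerability platform Full-Disclosure and on his personal blog.

Wang Jing is a student security researcher. He has published important vulnerabilities in the websites of many companies, including Google, Facebook, Amazon, Alibaba, eBay, and LinkedIn, as well as patches for a large number of web applications.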
 

 
 
 


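醉清風 – 弦子 – Beautiful, Ethereal Music

I love the ethereal mood of 醉清風: the bright moon, the gentle breeze, a solitary figure, the sound of the zither, singing over wine; it is intoxicating.
I made this video as a keepsake. Of all things in the world, who is right and who is wrong, and who can say for certain?

Song & Lyrics
醉清風, singer: 張弦子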

月色正朦朧
與清風把酒相送
太多的詩頌
醉生夢死也空
和妳醉後纏綿
妳曾記得
亂了分寸的心動
怎麼只有這首歌
會讓妳輕聲合
醉清風
夢境的虛有
琴聲壹曲相送
還有沒有情濃
風花雪月顏容
和妳醉後纏綿
妳曾記得
亂了分寸的心動
蝴蝶去向無影蹤
舉杯消愁意正濃
無人寵
是我想得太多
猶如飛蛾撲火那麼沖動
最後
還有壹盞燭火
燃盡我
曲終人散
誰無過錯
我看破

月色正朦朧 與清風把酒相送
太多的詩頌 醉生夢死夜空
和妳醉後纏綿
妳曾記得
夢境的虛有琴聲壹曲相送
還有沒有情濃風花雪月顏容
和妳醉後纏綿
妳曾記得
夢境的虛有
琴聲壹曲相送
還有沒有情濃
風花雪月顏容
和妳醉後纏綿
妳曾記得
亂了分寸的心動
蝴蝶去向無影蹤
舉杯消愁意正濃
無人寵
是我想得太多
猶如飛蛾撲火那麼沖動
最後
還有壹盞燭火
燃盡我
曲終人散
誰無過錯
我看破

 

Produced by: 谷雨 (Essayjeans)
Images: from the internet
http://www.tetraph.com/blog/category/essayjeans/

Video URL:
https://www.youtube.com/watch?v=YG4sjOX6XOA&feature=youtu.be

Lyrics link:
https://redysnowfox.wordpress.com/2015/03/11/

Twitter:
https://twitter.com/buttercarrot/status/575186127474196481

Lofter:
http://testingcode.lofter.com/post/1cd26eb9_6262d40

 

 

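蜀繡 – 李宇春 – Beautiful Chinese-Style Music – Pleasant Music

I really like the beautiful lyrics. The melody of “蜀繡” is flowing and fresh, and the singer's voice is warm and melodious, with a rich Chinese feeling. It is grand and deeply moving. It goes from soft, murmured singing at the start to a gradual blossoming, like a flower slowly opening. In short, it sounds good. Because I used to listen to it often, I made this video to remember university life and my lost youth.

Song & Lyrics
Performed by: 李宇春
Lyrics by: 郭敬明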
 
芙蓉城三月雨紛紛 四月繡花針
羽毛扇遙指千軍陣 錦緞裁幾寸
看鐵馬踏冰河 絲線縫韶華 紅塵千帳燈
山水壹程風雪再壹程
紅燭枕五月花葉深 六月杏花村
紅酥手青絲萬千根 姻緣多壹分
等殘陽照孤影 牡丹染銅樽 滿城牧笛聲
伊人倚門望君踏歸程
君可見刺繡每壹針 有人為妳疼
君可見牡丹開壹生 有人為妳等
江河入海奔 萬物為誰春
明月照不盡離別人
君可見刺繡又壹針 有人為妳疼
君可見夏雨秋風 有人為妳等
翠竹泣墨痕 錦書畫不成
情針意線繡不盡 鴛鴦枕
此生笑傲風月瘦如刀 催人老
來世與君暮暮又朝朝 多逍遙
芙蓉城三月雨紛紛 四月繡花針
羽毛扇遙指千軍陣 錦緞裁幾寸
看鐵馬踏冰河 絲線縫韶華 紅塵千帳燈
山水壹程風雪再壹程
紅燭枕五月花葉深 六月杏花村
紅酥手青絲萬千根 姻緣多壹分
等殘陽照孤影 牡丹染銅樽 滿城牧笛聲
伊人倚門望君踏歸程
君可見刺繡每壹針 有人為妳疼
君可見牡丹開壹生 有人為妳等
江河入海奔 萬物為誰春
明月照不盡離別人
君可見刺繡又壹針 有人為妳疼
君可見夏雨秋風有人 為妳等
翠竹泣墨痕 錦書畫不成
情針意線繡不盡 鴛鴦枕
繞指柔破錦千萬針 杜鵑啼血聲
芙蓉花蜀國盡繽紛 轉眼塵歸塵
戰歌送離人 行人欲斷魂
濃情蜜意此話當真
君可見刺繡每壹針 有人為妳疼
君可見牡丹開壹生 有人為妳等
江河入海奔 萬物為誰春
明月照不盡離別人
君可見刺繡又壹針 有人為妳疼
君可見夏雨秋風有人 為妳等
翠竹泣墨痕 錦書畫不成
情針意線繡不盡 鴛鴦枕
翠竹泣墨痕 錦書畫不成
情針意線繡不盡 鴛鴦枕

 

 

Produced by: 谷雨 (Essayjeans)
Images: from the internet
http://www.tetraph.com/blog/category/essayjeans/

Video URL:
https://www.youtube.com/watch?v=bYIoXRcf34U&feature=youtu.be

Lyrics link:
https://zuiyuxiang.wordpress.com/2015/03/11/

Twitter:
https://twitter.com/buttercarrot/status/575192104248328193