CVE-2015-2214 – NetCat CMS Full Path Disclosure (Information Disclosure) Web Security Vulnerabilities
Exploit Title: CVE-2015-2214 NetCat CMS Full Path Disclosure Web Security Vulnerabilities
Product: NetCat CMS (Content Management System)
Vendor: NetCat
Vulnerable Versions: 5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1
Tested Version: 5.01 3.12
Advisory Publication: February 27, 2015
Latest Update: May 05, 2015
Vulnerability Type: Information Leak / Disclosure [CWE-200]
CVE Reference: CVE-2015-2214
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information
Credit and Writer: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)
Consultation Details:
(1) Vendor & Product Description:
Vendor:
NetCat
Product & Version:
NetCat
5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1
Vendor URL & Download:
NetCat can be accessed from here,
Product Introduction Overview:
NetCat.ru is russian local company. “NetCat designed to create an absolute majority of the types of sites: from simple “business card” with a minimum content to complex web-based systems, from corporate offices to online stores, libraries or media data – in other words, projects completely different directions and at any level of complexity. View examples of sites running on NetCat CMS can be in a special section.”
“Manage the site on the basis of NetCat can even inexperienced user, because it does not require knowledge of Internet technologies, programming and markup languages. NetCat constantly improving, adds new features. In the process of finalizing necessarily take into account the wishes of our partners and clients, as well as trends in Internet development. More than 2,000 studios and private web developers have chosen for their projects is NetCat, and in 2013 sites, successfully working on our CMS, created more than 18,000.”
“We give a discount on any edition NetCat
We try to help our partners to enter into a close-knit team. To reduce your expenses on the development of a new system, we provide special conditions for the acquisition of commercial licenses NetCat, for a partner is assigned a permanent discount of 40%, which according to the results of further sales could be increased to 60%.”
“Teach your developers work with the secrets NetCat
In addition to the detailed documentation and video tutorials to new partners we offer a unique free service – direct contact with the developer from the team NetCat, which will help in the development of product development tools.”
“We give customers
Once you develop the three sites NetCat information about you appear in our ranking developers. This means that you not only begin to receive direct requests from clients but also become a member of tenders conducted by customers. In addition, if the partner is really good work, employees NetCat begin recommending it to clients requesting assistance in the choice of contractor.”
“We will help in the promotion of
The company is a regular participant NetCat large number of forums, seminars and conferences. We are happy to organize together with partners involved, help with advertising materials and share information for the report.”
“Confirmed its status in the eyes of customers
We have a very flexible system of certification of partners: we do not give certificates for the sale of licenses and for the developed sites. So, for example, to obtain a certificate “Development of corporate websites’ to add to your personal account three implementation of the appropriate type.”
(2) Vulnerability Details:
NetCat web application has a computer security bug problem. It can be exploited by information leakage attacks – Full Path Disclosure (FPD). This may allow a remote attacker to disclose the software’s installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. Netcat has patched some of them. FusionVM Vulnerability Management and Compliance provides sources for the latest info-sec news, tools, and advisories. It has published suggestions, advisories, solutions details related to important vulnerabilities.
(2.1) The first programming code flaw occurs at “&redirect_url” parameter in “netshop/post.php?” page.
References:
http://securityrelated.blogspot.com/2015/02/netcat-cms-full-path-disclosure.html
http://seclists.org/fulldisclosure/2015/Mar/8
https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01740.html
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1645
http://lists.openwall.net/full-disclosure/2015/03/02/6
http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure&m=142527117510514&w=2
http://marc.info/?l=full-disclosure&m=142527117510514&w=4
http://essayjeans.blog.163.com/blog/static/2371730742015411113047382/
http://www.weibo.com/1644370627/ChjMoA9hD?type=comment#_rnd1431315096193
http://homehut.lofter.com/post/1d226c81_6eae13a
Math Fascinated 