MySQL Eventum Multiple Input Validation Vulnerabilities
BID:12133
Info
MySQL Eventum Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 12133 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 30 2004 12:00AM |
| Updated: | Dec 30 2004 12:00AM |
| Credit: | sullo at cirt.net is credited with the discovery of these issues. |
| Vulnerable: |
MySQL AB Eventum 1.3.1 MySQL AB Eventum 1.3 MySQL AB Eventum 1.2.2 MySQL AB Eventum 1.2.1 MySQL AB Eventum 1.2 MySQL AB Eventum 1.1 |
| Not Vulnerable: |
MySQL AB Eventum 1.4 |
Discussion
MySQL Eventum Multiple Input Validation Vulnerabilities
MySQL Eventum is designed to be a software bug-tracking application. It is Web-based, implemented in PHP with a MySQL database back end. It is freely available for Unix, Apple Mac OS X, other Unix variants, and Microsoft Windows.
Multiple input validation vulnerabilities reportedly affect MySQL Eventum. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamic Web page content.
The issues specifically reported are cross-site scripting, a default, undocumented administrator account, and HTML injection vulnerabilities.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate theft of cookie-based authentication credentials as well as other attacks.
MySQL Eventum is designed to be a software bug-tracking application. It is Web-based, implemented in PHP with a MySQL database back end. It is freely available for Unix, Apple Mac OS X, other Unix variants, and Microsoft Windows.
Multiple input validation vulnerabilities reportedly affect MySQL Eventum. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamic Web page content.
The issues specifically reported are cross-site scripting, a default, undocumented administrator account, and HTML injection vulnerabilities.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate theft of cookie-based authentication credentials as well as other attacks.
Exploit / POC
MySQL Eventum Multiple Input Validation Vulnerabilities
No exploit is required to leverage any of these issues. The following proof of concepts have been provided:
http://www.example.com/index.php?err=3&email="><script>alert(document.cookie)</script>
http://www.example.com/forgot_password.php?email="><script>alert(document.cookie)</script>
No exploit is required to leverage any of these issues. The following proof of concepts have been provided:
http://www.example.com/index.php?err=3&email="><script>alert(document.cookie)</script>
http://www.example.com/forgot_password.php?email="><script>alert(document.cookie)</script>
Solution / Fix
MySQL Eventum Multiple Input Validation Vulnerabilities
Solution:
The vendor has released Eventum 1.4 to address these issues.
MySQL AB Eventum 1.1
MySQL AB Eventum 1.2
MySQL AB Eventum 1.2.1
MySQL AB Eventum 1.2.2
MySQL AB Eventum 1.3
MySQL AB Eventum 1.3.1
Solution:
The vendor has released Eventum 1.4 to address these issues.
MySQL AB Eventum 1.1
-
MySQL AB eventum-1.4.tar.gz
http://dev.mysql.com/get/Downloads/eventum/eventum-1.4.tar.gz/from/pic k
MySQL AB Eventum 1.2
-
MySQL AB eventum-1.4.tar.gz
http://dev.mysql.com/get/Downloads/eventum/eventum-1.4.tar.gz/from/pic k
MySQL AB Eventum 1.2.1
-
MySQL AB eventum-1.4.tar.gz
http://dev.mysql.com/get/Downloads/eventum/eventum-1.4.tar.gz/from/pic k
MySQL AB Eventum 1.2.2
-
MySQL AB eventum-1.4.tar.gz
http://dev.mysql.com/get/Downloads/eventum/eventum-1.4.tar.gz/from/pic k
MySQL AB Eventum 1.3
-
MySQL AB eventum-1.4.tar.gz
http://dev.mysql.com/get/Downloads/eventum/eventum-1.4.tar.gz/from/pic k
MySQL AB Eventum 1.3.1
-
MySQL AB eventum-1.4.tar.gz
http://dev.mysql.com/get/Downloads/eventum/eventum-1.4.tar.gz/from/pic k
References
MySQL Eventum Multiple Input Validation Vulnerabilities
References:
References:
- Bug #7551 - Eventum contains undocumented, active admin account (MySQL AB)
- Bug #7552 - Eventum Cross Site Scripting (XSS) (MySQL AB)
- CIRT-200404: MySQL Eventum 1.31 Cross Site Scripting (CIRT.net)
- CIRT-200405: MySQL Eventum 1.3.1 Default Vendor Account (CIRT.net)
- Eventum Home Page (MySQL AB)