Search | Research | Contact Us Tuesday October 10, 2021
Most Viewed Items
  1 PHPXMLRPC Library Remote Code Execution
  2 XOOPS 2.0.11 && Earlier Multiple Vulnerabilities
  3 Multiple Invision Power Board Vulnerabilities
  4 Mambo Multiple Vulnerabilities
  5 eBay And Amazon Still Vulnerable
  6 PEAR XML_RPC Library Remote Code Execution
  7 When Small Mistakes Can Cause Big Problems
  8 Woltlab Burning Board SQL Injection Vulnerability
  9 WordPress And Earlier Multiple Vulnerabilities
10 MySQL Eventum Multiple Vulnerabilities
Need Secure Code?
Quick Search
You can use the form below to search our site. Just enter the keywords to search.
Home Services Archives Research Downloads Contact
Security Issues In CGINews And CGIForum
December 14, 2021
Vendor : Markus Triska
Version : 1.07 And Possible Earlier & CGIForum 1.09
Risk : Weak Encryption & Info Disclosure

CGINews is a multi-user Web site news posting system written in Perl. Main features include: adding, updating, and deleting news entries, multi-user functionality, sections, access levels, logs, highly-configurable layout, file upload, binary attachments and more.

Weak Password Encryption:
The CGI News program does not use DES, MD5 or any other one way crypt algorithm. It instead uses a weak, decryptable method. Below is a script that can easily decrypt the passwords found in the programs *.pwl files. This issue is also present in CGIForum 1.09 by Markus Triska and can be used to decode CGIForum password files as well.

CGINews And CGIForum Password Decrypt Utility

Information Disclosure Vulnerability:
By default the users log files are viewable. username/username.log The only files not viewable by default are the .pwl files

Sat Dec 13 21:06:37 2003: jeiar changed password.
Sat Dec 13 21:10:21 2003: jeiar changed E-Mail/Syntax: test@blah/jeiar.
Sat Dec 13 21:10:54 2003: jeiar tried to change password.
Sat Dec 13 21:13:59 2003: jeiar uploaded file: C:\cmd.exe
Sat Dec 13 21:31:38 2003: jeiar uploaded file: C:\

You can add your own DES or MD5 encryption if you are familiar with PERL, and to solve the logfile problem simply add a .htaccess file that makes the directory not viewable. For example
AuthType Basic
AuthName "No access"
AuthUserFile .htnopasswd
AuthGroupFile /dev/null
Require valid-user
The author plans on including this type of .htaccess file in future versions, but does not have any plans on changing or strengthening the encryption method.

James Bercegay of the GulfTech Security Research Team.