[Full-Disclosure] Malicious post by "Manip"
From: Andrew Schmadeke (schmadmiller-group.net)
Date: Sat Jul 03 2004 - 04:07:33 CDT
The Security Alert on Centre by the Miller Group seems to have been
Two of the three vulnerabilities do not exist, and the first one is an
The link posted demonstrating the first vulnerability actually portrays
the correct behavior of the program.
modfunc=create_account&staff&username=admin&staff_id=new points to a
page that allows parents and teachers to request access to the program.
This program was meant to be open to the public, and, in fact, the
extra information at the end of the URL
(&staff&username=admin&staff_id=new) does not affect the program's
performance. As you can see,
the same as the URL provided by Manip.
http://demo.miller-group.net/index.php?modfunc=create_account is also a
link from the Centre login screen titled "Create Account." There is no
way to run any other program in Centre without being authenticated.
Also, the third "vulnerability" is not an issue. All variables in SQL
statements are encapsulated by single quotes, and Centre expects PHP's
magic quotes to be on. Furthermore, single quotes are replaced by
double single quotes (which cancels the single quote -- same behavior
as \'). So, SQL injection is impossible in every module of Centre.
This is obvious throughout the code.
Finally, Manip's second vulnerability did exist in Centre up until
Version 1.0. This was not a major vulnerability, since the malicious
code had to be somewhere on the server running Centre. However, this
vulnerability has been dealt with in Version 1.01, released today. Any
program not allowed to a user (or any program not in Centre) cannot be
run. And, the username and IP address of whoever attempts to run it
are captured by the system.
The Miller Group
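Added example (not from the post and not Centre's own code): the single-quote doubling the post describes, run against an in-memory SQLite table with a constructed sample username, alongside a parameterized query for comparison. It also shows the result of applying that doubling on top of magic-quotes-style backslash escaping; the table, column names and the `magic_quotes` simulation are assumptions, and the literal semantics shown are SQLite's, where a backslash is not an escape character.

```python
import sqlite3

# Constructed sample input: a username containing a single quote.
SAMPLE_USERNAME = "o'brien"

def magic_quotes(value: str) -> str:
    """Simulate PHP magic_quotes_gpc: prefix each single quote with a backslash."""
    return value.replace("'", "\\'")

def double_quotes(value: str) -> str:
    """The escaping the post describes: each single quote becomes two."""
    return value.replace("'", "''")

def build_query(username: str) -> str:
    # The value is always wrapped in single quotes, as the post says Centre does.
    return "SELECT id FROM staff WHERE username = '%s'" % double_quotes(username)

def lookup(username: str, magic_quotes_on: bool):
    """Return (ids matched by the doubled-quote query,
               ids matched by a parameterized query) for a sample table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE staff (id INTEGER, username TEXT)")
    con.executemany("INSERT INTO staff VALUES (?, ?)",
                    [(1, "o'brien"), (2, "admin")])
    # With magic quotes on, the application sees o\'brien, not o'brien.
    raw = magic_quotes(username) if magic_quotes_on else username
    doubled = [row[0] for row in con.execute(build_query(raw))]
    param = [row[0] for row in con.execute(
        "SELECT id FROM staff WHERE username = ?", (username,))]
    con.close()
    return doubled, param

if __name__ == "__main__":
    # Doubling alone keeps the quote inside the literal and finds the row.
    print(build_query(SAMPLE_USERNAME), lookup(SAMPLE_USERNAME, False))
    # Doubling applied to backslash-escaped input yields the literal o\'brien,
    # which matches no row in SQLite: a silent lookup failure, not an injection.
    print(build_query(magic_quotes(SAMPLE_USERNAME)), lookup(SAMPLE_USERNAME, True))
```

The stacked case shows why escaping has to be done exactly once per database dialect; a parameterized query sidesteps the question entirely.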