谷雨 醉心 冬小麦

生活要坚强,自信
如同冬天的小麦一样散发生机
遇雨更青翠

文豆 & 文库:

IT 计算机信息网络安全技术:

IT 计算机&信息网络 技术:

Web Technology:

CVE-2015-2209 – DLGuard Full Path Disclosure (Information Leakage) Web Security Vulnerabilities


Exploit Title: DLGuard “/index.php?” “&c” parameter Full Path Disclosure Web Security Vulnerabilities

Product: DLGuard

Vendor: DLGuard

Vulnerable Versions: v4.5

Tested Version: v4.5

Advisory Publication: January 18, 2015

Latest Update: March 20, 2015

Vulnerability Type: Information Exposure [CWE-200]

CVE Reference: CVE-2015-2209

Impact CVSS Severity (version 2.0):CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:N) (legend)Impact Subscore: 2.9Exploitability Subscore: 10.0CVSS Version 2 Metrics:Access Vector: Network exploitableAccess Complexity: LowAuthentication: Not required to exploitImpact Type: Allows unauthorized disclosure of information

Credit: Wang Jing [School of Mathematical Sciences (001), University of Science and Technology of China (USTC)] (@justqdjing)

 






Consultation Details:



(1) Vendor & Product Description:



Vendor:

DLGuard



Product & Version:

DLGuard

v4.5



Vendor URL & Download:

DLGuard can be obtained from here,

http://www.dlguard.com/dlginfo/index.php



Product Introduction Overview:

“DLGuard is a powerful, yet easy to use script that you simply upload to your website and then rest assured that your internet business is not only safe, but also much easier to manage, automating the tasks you just don’t have the time for.”



“DLGuard supports the three types, or methods, of sale on the internet:

<1>Single item sales (including bonus products!)

<2>Multiple item sales

<3>Membership websites”



“DLGuard is fully integrated with: PayPal, ClickBank, 2Checkout, Authorize.Net, WorldPay, AlertPay, Ebay, PayDotCom, E-Gold, 1ShoppingCart, Click2Sell, Mal’s E-Commerce, LinkPoint, PagSeguro, CCBill, CommerseGate, DigiResults, FastSpring, JVZoo, MultiSafePay, Paypal Digital Goods, Plimus, RevenueWire/SafeCart, SWReg, WSO Pro, and even tracks your free product downloads. The DLGuard built-in Shopping Cart offers Paypal, Authorize.net, and 2Checkout payment options. The Membership areas allow Paypal, Clickbank, 2Checkout, and LinkPoint recurring billing as well as linking to any PayPal, ClickBank, 2Checkout, Authorize.Net, WorldPay, AlertPay, Ebay, PayDotCom, E-Gold, 1ShoppingCart, E-Bullion, LinkPoint, PagSeguro, CCBill, CommerseGate, DigiResults, FastSpring, JVZoo, MultiSafePay, Paypal Digital Goods, Plimus, RevenueWire/SafeCart, SWReg, WSO Pro single sale and free products so that people who buy your products can access your members area. DLGuard is the perfect solution to secure your single sale item, such as a niche marketing website, software sales, ebook sales, and more! DLGuard not only protects your download page, but it makes setting up new products, or making changes to existing products so much quicker and easier than before.”






(2) Vulnerability Details:

DLGuard web application has a computer security bug problem. It can be exploited by information leakage attacks – Full Path Disclosure (FPD). This may allow a remote attacker to disclose the software’s installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

 

Several similar products vulnerabilities have been found by some other bug hunter researchers before. DLguard has patched some of them. NVD is the U.S. government repository of standards based vulnerability management data (This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA)). It has published suggestions, advisories, solutions related to important vulnerabilities.


(2.1) The first bug flaw occurs at “&c” parameter in “index.php?” page.



 

 

 

 

 

References:

http://seclists.org/fulldisclosure/2015/Feb/67

https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01702.html

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1606

http://lists.openwall.net/full-disclosure/2015/02/18/5

https://www.bugscan.net/#!/x/21288

http://packetstormsecurity.com/files/authors/11270

http://www.tetraph.com/blog/information-leakage-vulnerability/cve-2015-2209-dlguard-full-path-disclosure/

http://static-173-79-223-25.washdc.fios.verizon.net/?a=139222176300014&r=2&w=2

https://www.facebook.com/permalink.php?story_fbid=831917900176921&id=767438873291491

http://ithut.tumblr.com/post/118694258318/cve-2015-2209-dlguard-full-path-disclosure

https://computertechhut.wordpress.com/2015/05/11/cve-2015-2209-dlguard-full-path-disclosure-information-leakage-web-security-vulnerabilities/

http://russiapost.blogspot.ru/2015/05/cve-2015-2209-dlguard-full-path.html

https://plus.google.com/100242269120759811496/posts/fTMm4nvGvjx

http://tetraph.blog.163.com/blog/static/234603051201541193034183/

http://www.weibo.com/5337321538/ChnJKf55t?

http://itprompt.blogspot.com/2015/05/cve-2015-2209-dlguard-full-path.html

http://webtech.lofter.com/post/1cd3e0d3_6eafc8b

https://twitter.com/buttercarrot/status/597757492098048000


评论

热度(19)