Executive Overview ------------------ Cloisterblog, a general usage web blog written in perl suffers from multiple XSS and directory transversal issues as well as a design flaw in the admin section. Program Description -------------------- Cloisterblog (http://www.circleofthunder.com/journal/cloisterblog-1.2.2.tar.gz) "CloisterBlog is simple but feature packed Web-based journal system that does not require MySQL or manual modification of files" Issue(s) ------- Cloisterblog doesn't do any parameter checking on inputs, this leads to the multiple XSS and directory transversal issues. In addition, the admin section of the blog never actually checks the user id of the user, only the password. In addition, no sort of logging is performed on this parameter, so it is readable suspectable to brute forcing. Example(s)/code --------- /cloisterblog/journal.pl?syear=2004&sday=11&smonth=../../../../../../../../etc/passwd%00 from journal_admin.pl sub validateUser { $password = $passfile[0]; chomp($password); chomp($pass); if ($pass eq $password) { return 1; } else { return 0; } } ($user which is declared in journal_admin.pl is never used) Remedy/Fixe(s) -------------- None, delete the blog and either write your own or choose another Vendor status ------------- Non Responsive, despite waiting nearly twice as long as we normally do for at least a "screw you" reply, the authors have not replied, nor released an updated version. we waitied this long because it appears the author runs the software him/her self. --0-0-0 Badcode.org