AOH :: HP Unsorted S :: C07-2170.HTM

SQL-Ledger and LedgerSMB arbitrary code execution through redirects



Arbitrary Code Execution in SQL-Ledger and LedgerSMB through redirects
Arbitrary Code Execution in SQL-Ledger and LedgerSMB through redirects



This is a multi-part message in MIME format.
--------------020601030303090302020401
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Separate from CVE-2006-5872, there is a possibility of causing arbitrary 
code execution during redirects.  This requires a valid login to exploit 
and was discovered and brought to the attention of both the SQL-Ledger 
and LedgerSMB team in November.  LedgerSMB 1.1.5 corred the problem, but 
it is still not corrected in SQL-Ledger.

There is no workaround to prevent the problem except to hope that those 
who are using vulnerable software can be trusted.

I will be sending a full disclosure of the problem, as well as an 
unofficial patch to SQL-Ledger in a week.

Best Wishes,
Chris Travers
Metatron Technology Consulting

--------------020601030303090302020401
Content-Type: text/x-vcard; charset=utf-8;
 name="chris.vcf"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="chris.vcf"

begin:vcard
fn:Chris Travers
n:Travers;Chris
email;internet:chris@metatrontech.com 
tel;work:509-888-0220
tel;cell:509-630-7794
x-mozilla-html:FALSE
version:2.1
end:vcard


--------------020601030303090302020401--

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.