ITAS Team discovered multiple vulnerabilities in ProjectSend

Home ITAS Team discovered multiple vulnerabilities in ProjectSend

ITAS Team discovered multiple vulnerabilities in ProjectSend

ITAS Team discovered multiple vulnerabilities in ProjectSend (a self-hosted application) as Blind SQL injection, insecure Direct Object Reference, Privilege Escalation, XSS, …
– The application constructs all or part of an SQL command using externally-influenced input from an frontend component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a backend component.
– The application does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Vulnerability information:
– Vulnerability : Blind SQL injection, Insecure Direct Object Reference,Privilege Escalation, XSS, …
– Vendor : ProjectSend (http://www.projectsend.org/)
– Link download : http://www.projectsend.org/#download
– Affected version: version r514 and maybe previous version
– Fix version: version r561
– Discovered by: Trần Đình Tiến – tien.d.tran@itas.vn và ITAS Security Team

Information disclosure:
– 28/02/2014: Detected vulnerability
– 01/03/2014: Inform the vendor
– 04/03/2014: Vendor confirmed
– 23/04/2014: Vendor releases patch
– 21/10/2014: ITAS Team publishes information

Reference:
https://www.facebook.com/projectsend/posts/694675447255931

Demonstration video

/ Blog / Tags: ,