Sharetronix <= 3.1.1 Two PHP Code Injection Vulnerabilities

http://sharetronix.com

• Affected Versions:

Version 3.1.1 and probably other versions.

• Vulnerabilities Description:

  1. Input passed via the “activities_text” POST parameter to /services/activities/set is not properly sanitised before being used in a call to the preg_replace() PHP function with the e modifier in the /system/classes/class_post.php script. This can be exploited to inject and execute arbitrary PHP code.

  2. Input passed via the “comments_text” POST parameter to /services/comments/set is not properly sanitised before being used in a call to the preg_replace() PHP function with the e modifier in the /system/classes/class_postcomment.php script. This can be exploited to inject and execute arbitrary PHP code.

• Solution:

No official solution is currently available.
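With no official fix available, one defensive step is to audit the PHP source tree for preg_replace() calls that use the e modifier, the construct named in both findings. The scanner below is an added example, not part of the original advisory or of Sharetronix: the function names are this example's own and the sample PHP is constructed. Calls whose pattern is not a string literal are reported separately for manual review.

```python
import re

# A preg_replace( call (not preg_replace_callback), up to its first argument.
CALL = re.compile(r"\bpreg_replace\s*\(\s*")
# A single- or double-quoted PHP string literal; group 2 is its body.
LITERAL = re.compile(r"""(['"])((?:\\.|(?!\1).)*)\1""", re.S)
# PCRE delimiters that close with a different character than they open with.
PAIRED = {"(": ")", "[": "]", "{": "}", "<": ">"}

def pattern_modifiers(literal):
    """Return the modifier letters after the closing delimiter, or None."""
    literal = literal.lstrip()
    if not literal:
        return None
    closer = PAIRED.get(literal[0], literal[0])
    end = literal.rfind(closer)
    if end <= 0:  # no closing delimiter found
        return None
    return literal[end + 1:].strip()

def audit_preg_replace(php_source):
    """Return (eval_hits, unresolved) as lists of 1-based line numbers.

    eval_hits:  calls whose literal pattern carries the e modifier.
    unresolved: calls whose pattern is a variable or array (manual review).
    """
    eval_hits, unresolved = [], []
    for call in CALL.finditer(php_source):
        line = php_source.count("\n", 0, call.start()) + 1
        lit = LITERAL.match(php_source, call.end())
        if lit is None:
            unresolved.append(line)
            continue
        mods = pattern_modifiers(lit.group(2))
        if mods and mods.isalpha() and "e" in mods:
            eval_hits.append(line)
    return eval_hits, unresolved

# Constructed sample input (not Sharetronix code).
SAMPLE = r'''<?php
// constructed sample for the scanner
$a = preg_replace('/\[b\](.*?)\[\/b\]/is', '<b>$1</b>', $text);
$b = preg_replace('#@(\w+)#ie', 'link_user("$1")', $text);
$c = preg_replace($patterns, $replacements, $text);
$d = preg_replace_callback('/@(\w+)/i', 'link_user_cb', $text);
$e = preg_replace("~(https?://\S+)~e", "shorten('\\1')", $text);
'''

if __name__ == "__main__":
    print(audit_preg_replace(SAMPLE))
```

Each reported call can be rewritten with preg_replace_callback(), which passes the matches to a function instead of evaluating the replacement string as code. PHP deprecated the e modifier in 5.5.0 and removed it in 7.0.0.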

• Disclosure Timeline:

[06/11/2013] – Vendor notified

[06/11/2013] – Vendor response stating “Please immediately cease and desist all such communications”

[05/12/2013] – Public disclosure

• CVE Reference:

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-5352 to these vulnerabilities.

• Credits:

Vulnerabilities discovered by Egidio Romano, Secunia Research.

• Original Advisory:

http://secunia.com/secunia_research/2013-08