The following CVE numbers have been assigned now: XSS issue: CVE-2018-11090 Arbitrary File Upload: CVE-2018-11091 On 2018-05-14 13:25, SEC Consult Vulnerability Lab wrote: > SEC Consult Vulnerability Lab Security Advisory < 20180514-0 > > ======================================================================= > title: Arbitrary File Upload & Cross-site scripting > product: MyBiz MyProcureNet > vulnerable version: 5.0.0 > fixed version: unknown > CVE number: - > impact: Critical > homepage: http://www.mybiz.net/ > found: 2018-01-29 > by: Ahmad Ramadhan Amizudin (Office Kuala Lumpur) > Fikri Fadzil (Office Singapore) > Wan Ikram (Office Kuala Lumpur) > Jasveer Singh (Office Kuala Lumpur) > SEC Consult Vulnerability Lab > > An integrated part of SEC Consult > Europe | Asia | North America > > https://www.sec-consult.com > > ======================================================================= > > Vendor description: > ------------------- > "MyBiz is a company fixated on developing technology which transforms the way > business is done online. At the intersection of what one business needs from > another is the potential for value to be created differently. This > intersection for the exchange of value requires technology but in > fundamentally very different ways from traditional enterprise systems. MyBiz > believes that the chemistry of business is the business relationships between > enterprises. The strength of the business relationship drives the success and > future of the business. MyBiz believes that these business relationships need > to be captured and orchestrated. MyBiz developed our proprietary Business > Relationship Network engine, a platform to capture business relationships as > data to drive new business services which create value efficiently." > > Source: http://www.mybiz.net/copy-of-our-story > > > Business recommendation: > ------------------------ > The vendor did not reply to our inquiries since February 2018 hence the issues > might still exist in current versions. > > SEC Consult recommends not use this product until a thorough security review > has been performed by security professionals and all identified issues have > been resolved. It is assumed that MyBiz products are affected by further > critical security issues. > > > Vulnerability overview/description: > ----------------------------------- > The identified vulnerabilities can be exploited after authentication but > the registration for the application is usually open for anyone. > > 1. Arbitrary File Upload > A malicious file can be uploaded to the webserver by an attacker. It is > possible for an attacker to upload a script to issue operating system > commands. > > This vulnerability occurs because an attacker is able to adjust the > "HiddenFieldControlCustomWhiteListedExtensions" parameter and add arbitrary > extensions to the whitelist during the upload. > > For instance, if the extension .asp is added to the > "HiddenFieldControlCustomWhiteListedExtensions" parameter, the server > accepts "secctest.asp" as legitimate file. Hence malicious files can be > uploaded in order to execute arbitrary commands to take over the server. > > > 2. Reflected Cross-site scripting > This vulnerability within "ProxyPage.aspx" allows an attacker to inject > malicious client side scripting which will be executed in the browser of > users if they visit the manipulated site. > > > Proof of concept: > ----------------- > The proof of concept has been removed as no patch is available. > > > Vulnerable / tested versions: > ----------------------------- > MyBiz MyProcureNet version 5.0.0 has been tested and found to be vulnerable. This > was the latest version available at the time of the test. > > > Vendor contact timeline: > ------------------------ > 2018-02-22: Contacting vendor through info@xxxxxxxxx (no response) > 2018-02-27: Request update from vendor (no response) > 2018-03-13: Trying to contact via web form http://www.mybiz.net/contact-us > (no response) > 2018-05-14: Public release of security advisory > > > Solution: > --------- > None > > > Workaround: > ----------- > None > > > Advisory URL: > ------------- > https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > SEC Consult Vulnerability Lab > > SEC Consult > Europe | Asia | North America > > About SEC Consult Vulnerability Lab > The SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It > ensures the continued knowledge gain of SEC Consult in the field of network > and application security to stay ahead of the attacker. The SEC Consult > Vulnerability Lab supports high-quality penetration testing and the evaluation > of new offensive and defensive technologies for our customers. Hence our > customers obtain the most current information about vulnerabilities and valid > recommendation about the risk profile of new technologies. > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > Interested to work with the experts of SEC Consult? > Send us your application https://www.sec-consult.com/en/career/index.html > > Interested in improving your cyber security with the experts of SEC Consult? > Contact our local offices https://www.sec-consult.com/en/contact/index.html > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > Mail: research at sec-consult dot com > Web: https://www.sec-consult.com > Blog: http://blog.sec-consult.com > Twitter: https://twitter.com/sec_consult > > EOF Ahmad Ramadhan / @2018 >
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature