Gents, Our CTO discovered two vulnerabilities in a well-known CMS product named SPIP : - a local path disclosure (all SPIP version) - and an SQL injection (SPIP 1.9.2 branch) Technical information were notified to the SPIP-Team for fixes (responsible disclosure, with fixes included). SPIP is now patched and latest version can be downloaded (see further). If you want more 0days and more offensive tricks, check how to join us through the end of this email ;) *About the SPIP vulnerabilities* == Background: SPIP is a publishing system for the Internet in which great importance is attached to collaborative working, to multilingual environments, and to simplicity of use for web authors. == 1st Security Advisory: TEHTRIS-SA-2011-011 -- Title: SQL Injection in SPIP 1.9.2j -- Affected Vendors: SPIP (www.spip.net) -- Affected Product: SPIP -- Versions: 1.9.2j -- CVE-ID: linked to CVE-2008-5813 == 2nd Security Advisory: TEHTRIS-SA-2011-010 -- Title: Local Path Disclosure in all SPIP version -- Affected Vendors: SPIP (www.spip.net) -- Affected Product: SPIP -- Versions: 1.9.2j, 2.0.15, 2.1.10 == Credits: Discovered by _Laurent Estieux_ CTO TEHTRI-Security == Update your CMS: http://www.spip.net/en_article5265.html == Vulnerability reference (in french) : http://www.spip-contrib.net/SPIP-1-9-2k-2-0-16-2-1-11-et-3-0-0-beta-disponibles == Other references: http://www.spip.net/rubrique33.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5813 *About TEHTRI-security* [w] http://www.tehtri-security.com [m] web@tehtri-security.com [t] @tehtris *Join us for live hacking sessions* - OCT 2011 / Hack In The Box / Kuala Lumpur, Malaysia Training: "Hunting Web Attackers" [w] http://conference.hitb.org/hitbsecconf2011kul/?page_id=274 => 0days included - don't use them at home, kids :) ==> Sorry: HITB Classroom already FULL - DEC 2011 / Black Hat / Abu Dhabu, UAE Training: "Advanced PHP Hacking" [w] https://www.blackhat.com/html/bh-ad-11/training/bh-ad-11-training_PHP.html => 0days included - don't use them at home, kids :) - FEB 2012 / Hack In The Box GSEC / Mumbai, India Training "Strategic Cyber Attacks,Advanced Persistent Threats & Beyond" [w] http://gsec.hitb.org/?p=134 => 0days included - don't use them at home, kids :) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/