PT-2012-53: Privilege Gaining in DataLife Engine Vulnerable softwareDataLife Engine Version: 9.7 and earlierApplication link: http://dle-news.ru/Severity levelSeverity level: Medium Impact: Privilege gaining Access Vector: Remote CVSS v2: Base Score: 6.8 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)CVE: not assignedSoftware descriptionDataLife Engine is a website management system.Vulnerability descriptionPositive Technologies experts have detected a session management vulnerability that allows attackers to conduct Session Fixation attack in DataLife Engine. Session cookies are not discarded that allows attackers to conduct the attack. The attacker with access to evil.host.ru sub domain (or using Cross-Site Scripting) is able to set Cookie: PHPSESSID=123; domain=.host.ru in user's browser and as logged in to dle.host.ru, the user can use 123 session that now has privileges of the authorized user. How to fixUpdate your software up to the latest version.Advisory status30.10.2012 - Vendor is notified 30.10.2012 - Vendor gets vulnerability details 19.01.2013 - Vendor releases fixed version and details 04.02.2013 - Public disclosureCreditsThe vulnerability has discovered by Timur Yunusov, Positive Research Center (Positive Technologies Company)Referenceshttp://en.securitylab.ru/lab/PT-2012-53 http://dle-news.ru/bags/v97/1549-patchi-bezopasnosti-dlya-versii-97.html Reports on the vulnerabilities previously discovered by Positive Research:http://ptsecurity.com/research/advisory/ http://en.securitylab.ru/lab/
