<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
I will publish a new release in a few days.<br>
<br>
Not sure if that will include the new UI on MyZendTo or not, depends
how quickly that gets done. If it's going to be more than a day or
two, I'll put out a new release without it, as we obviously want to
get this problem fixed a.s.a.p.<br>
<br>
Jules.<br>
<br>
On 23/05/2011 13:03, <a class="moz-txt-link-abbreviated" href="mailto:patrick.gaikowski@kaufland.com">patrick.gaikowski@kaufland.com</a> wrote:
<blockquote
cite="mid:OFC063AA82.2C64E668-ONC1257899.004232EA-C1257899.00424082@de.int.kaufland"
type="cite">
<p><font face="sans-serif" size="2">Hi Jules,</font><br>
<br>
<font face="sans-serif" size="2">will there be a patch or new
release?</font><br>
<br>
<font face="sans-serif" size="2">Kind regards / Best regards<br>
<br>
Patrick Gaikowski<br>
Tel: +49 7132 94 3568<br>
Fax: +49 7132 94 73568<br>
E-Mail: <a class="moz-txt-link-abbreviated" href="mailto:patrick.gaikowski@kaufland.com">patrick.gaikowski@kaufland.com</a><br>
KI 967800 IT International / Infrastructure<br>
Office:<br>
Lindichstrasse 11<br>
D-74189 Weinsberg</font><br>
<br>
<br>
<br>
<font face="sans-serif" size="2"><a moz-do-not-send="true"
href="http://www.kaufland.de">http://www.kaufland.de</a> </font><br>
<font face="sans-serif" size="2">We are No. 1:</font><br>
<font face="sans-serif" size="2">Kaufland is "Best Grocery
Store 2011"!</font><br>
<br>
<font face="sans-serif" size="2">Kaufland Informationssysteme
GmbH & Co. KG</font><br>
<font face="sans-serif" size="2">P.O. Box 12 53 - 74149
Neckarsulm<br>
Limited partnership<br>
Registered office: Neckarsulm<br>
Register court: Amtsgericht Stuttgart HRA 104163</font><br>
</p>
<p><font face="sans-serif" size="1"><b>Jules
<a class="moz-txt-link-rfc2396E" href="mailto:Jules@zend.to">&lt;Jules@zend.to&gt;</a></b><br>
Sent by:
<a class="moz-txt-link-abbreviated" href="mailto:zendto-bounces@zend.to">zendto-bounces@zend.to</a><br>
23.05.2011 10:52<br>
Please reply to:
ZendTo Users <a class="moz-txt-link-rfc2396E" href="mailto:zendto@zend.to">&lt;zendto@zend.to&gt;</a><br>
ZendTo Users
<a class="moz-txt-link-rfc2396E" href="mailto:zendto@zend.to">&lt;zendto@zend.to&gt;</a><br>
Subject: [ZendTo] Re:
Reply: Re: Zendto is vulnerable for
SQL-Injection</font></p>
<br>
<font face="serif" size="3"><br>
<br>
On 22/05/2011 15:09, </font><a moz-do-not-send="true"
href="mailto:patrick.gaikowski@kaufland.com"><font
color="#0000ff" face="serif" size="3"><u>patrick.gaikowski@kaufland.com</u></font></a><font
face="serif" size="3"> wrote: </font>
<ul style="padding-left: 36pt;">
<br>
<font face="sans-serif" size="2">Hi,</font><font face="serif"
size="3"><br>
</font><font face="sans-serif" size="2"><br>
we engaged a company for penetration testing of web
applications and that's why I tried to be prepared....</font><font
face="serif" size="3"><br>
</font><font face="sans-serif" size="2"><br>
I used the tool "Burp Suite" which is an HTTP/HTTPS proxy for
intercepting web requests / responses. </font>
<ul style="padding-left: 36pt;" type="disc">
<li><font face="sans-serif" size="2">I made a dropoff request
without username / password --> only ReCaptcha</font></li>
</ul>
</ul>
<font face="serif" size="3">Definitely a bug, now fixed. Well
done!</font>
<ul style="padding-left: 72pt;" type="disc">
<li><font face="sans-serif" size="2">I intercepted the POST to
dropoff.php</font></li>
</ul>
<ul style="padding-left: 36pt;">
<font face="serif" size="3"><i><br>
(See attached file: dropoff)</i></font>
</ul>
<font face="serif" size="3">Great, XML, my favourite. :-)</font>
<ul style="padding-left: 72pt;" type="disc">
<li><font face="sans-serif" size="2">in the tool you can send
the POST to the repeating module and modify the POST</font><font
face="serif" size="3"> </font>
</li>
<li><font face="sans-serif" size="2">I was able to send the
upload various times --> the limit will be the free
space on the host system --></font><font color="#ff0000"
face="sans-serif" size="2"> can be used to blow up the
system and perhaps crash the system</font></li>
</ul>
<font face="serif" size="3">If you don't complete the upload, then
you will be able to do that. Once the upload has finished, the
auth code should be removed (and now is! :-) (unless you're a
logged in user, at which point we can hunt you down anyway).<br>
I'm not particularly worried about attacks by logged in users.
They can just repeat the entire upload process as many times as
they like anyway, uploading either the same files or different
files each time.</font>
<ul style="padding-left: 72pt;" type="disc">
<li><font face="sans-serif" size="2">I was able to change, for
example, the email address of the recipient (only the domain
defined in preferences.php) in the POST --> </font><font
color="#ff0000" face="sans-serif" size="2">can be used for
SPAM if the email domain is not configured correctly</font></li>
</ul>
<font face="serif" size="3">Agreed. You can indeed change the
email address of the recipient in the upload. But then again you
can just make your automated hacking system slightly more clever
and do multiple uploads to anyone you like in the
preferences.php configured domain. So I am not worried about
that either.</font>
<ul style="padding-left: 36pt;">
<font face="sans-serif" size="2"><br>
Is it possible to limit the lifetime of the </font><font
color="#ff0000" face="sans-serif" size="2">auth-Parameter</font><font
face="sans-serif" size="2"> to only one request? </font>
</ul>
<font face="serif" size="3">Well spotted, yes that is a bug.
Fixed. That should take care of the multiple uploads exploits
you found above too.<br>
<br>
Many thanks for finding these for me, it is much appreciated!<br>
<br>
Cheers,</font><br>
<tt><font size="3">Jules<br>
<br>
-- <br>
Julian Field MEng CITP CEng<br>
</font></tt><a moz-do-not-send="true" href="http://www.zend.to/"><tt><font
color="#0000ff" size="3"><u>www.Zend.To</u></font></tt></a><tt><font
size="3"><br>
<br>
Follow me at twitter.com/JulesFM<br>
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415
B654<br>
<br>
'All programs have a desire to be useful' - Tron, 1982<br>
</font></tt><tt><font size="2">_______________________________________________<br>
ZendTo mailing list<br>
<a class="moz-txt-link-abbreviated" href="mailto:ZendTo@zend.to">ZendTo@zend.to</a><br>
</font></tt><tt><font size="2"><a moz-do-not-send="true"
href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto">http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto</a></font></tt><br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">Jules
--
Julian Field MEng CITP CEng
<a class="moz-txt-link-abbreviated" href="http://www.Zend.To">www.Zend.To</a>
Follow me at twitter.com/JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
'All programs have a desire to be useful' - Tron, 1982
</pre>
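<p>The replay Patrick describes above (send the intercepted dropoff.php POST again from Burp Repeater, optionally with the recipient field edited) and the fix Jules describes (the auth code stops working once the drop-off is done) can be modelled in a few lines. The block below is an added example written for this page; it is not ZendTo's code and does not reproduce how ZendTo stores or checks its auth codes. The class and function names, the token lifetime, the recipient domain and the sample requests in <tt>simulate_repeater_replay</tt> are all assumptions made for illustration.</p>

```python
"""Single-use authorisation tokens for a drop-off endpoint.

Added example, not ZendTo code. Every identifier below (DropoffTokenStore,
TOKEN_TTL_SECONDS, ALLOWED_RECIPIENT_DOMAIN, the sample requests in
simulate_repeater_replay) is an assumption made for illustration.
"""
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

TOKEN_TTL_SECONDS = 3600                  # assumed: how long an unused token stays valid
ALLOWED_RECIPIENT_DOMAIN = "example.com"  # assumed stand-in for the preferences.php domain


@dataclass
class _Record:
    recipient: str      # recipient the token was issued for
    issued_at: float    # epoch seconds from the injected clock
    used: bool = False  # flipped on the first accepted POST


class DropoffTokenStore:
    """Issues a token per drop-off and accepts each token exactly once."""

    def __init__(self, now: Callable[[], float] = time.time) -> None:
        self._now = now
        # keyed by SHA-256 of the token so a dump of the store does not
        # hand out usable tokens and the lookup is a plain hash lookup
        self._records: Dict[str, _Record] = {}

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, recipient: str) -> str:
        """Mint a token for one drop-off to `recipient`; refuse recipients
        outside the configured domain."""
        domain = recipient.rpartition("@")[2].lower()
        if domain != ALLOWED_RECIPIENT_DOMAIN:
            raise ValueError("recipient outside configured domain")
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self._records[self._key(token)] = _Record(recipient, self._now())
        return token

    def consume(self, token: str, recipient: str) -> bool:
        """Return True for the first POST that presents a live token with the
        recipient it was issued for; every later presentation returns False."""
        key = self._key(token)
        rec: Optional[_Record] = self._records.get(key)
        if rec is None:
            return False                      # unknown or forged token
        if self._now() - rec.issued_at > TOKEN_TTL_SECONDS:
            del self._records[key]            # expired: drop it so it cannot be revived
            return False
        if rec.used:
            return False                      # replayed from Repeater
        if recipient != rec.recipient:
            return False                      # same POST, recipient field edited
        rec.used = True                       # burn before doing any upload work
        return True


def simulate_repeater_replay() -> Dict[str, bool]:
    """Replays the thread's scenario against the store with a fake clock.

    The requests are constructed for this example; nothing here talks to a
    real ZendTo instance.
    """
    clock = [1_700_000_000.0]
    store = DropoffTokenStore(now=lambda: clock[0])
    recipient = "alice@example.com"

    # 1. legitimate drop-off, then the identical POST sent again from Repeater
    auth = store.issue(recipient)
    first = store.consume(auth, recipient)
    replay = store.consume(auth, recipient)

    # 2. fresh token, but the POST's recipient field has been edited
    auth2 = store.issue(recipient)
    edited = store.consume(auth2, "bob@example.com")
    legit_after_edit = store.consume(auth2, recipient)

    # 3. fresh token that is never used until after its lifetime
    auth3 = store.issue(recipient)
    clock[0] += TOKEN_TTL_SECONDS + 1
    expired = store.consume(auth3, recipient)

    # 4. a recipient outside the configured domain is refused at issue time
    try:
        store.issue("mallory@elsewhere.invalid")
        outside_domain_issued = True
    except ValueError:
        outside_domain_issued = False

    return {
        "first_post_accepted": first,
        "replay_accepted": replay,
        "edited_recipient_accepted": edited,
        "legit_after_edit_accepted": legit_after_edit,
        "expired_accepted": expired,
        "outside_domain_issued": outside_domain_issued,
    }


if __name__ == "__main__":
    for name, outcome in simulate_repeater_replay().items():
        print(f"{name}: {outcome}")
```

<p>The store burns the token on the first POST that presents it rather than when the upload completes, which closes the window Jules mentions for an upload that is started but never finished; the cost is that a failed upload needs a new token before it can be retried. Binding the recipient at issue time is a stricter choice than the thread settles on: as Jules notes, an attacker can simply request a fresh drop-off for each address in the configured domain, so it is the domain check at issue time, not the binding, that limits the spam case.</p>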
</body>
</html>