"Textpattern is a free and open-source content management system based on PHP and MySQL, originally developed by Dean Allen and now developed by Team Textpattern. While it is often listed among weblogging tools, its aim is to be a general-purpose content management system suitable for deployment in many contexts."

    As far as content management systems go, it's fairly simple to install and it's also quite intuitive if you've used any of the other systems out there.  That said, it has a lot of little bugs that make me wonder what could be found if you really did a deep dive.  Everything I found is on the authenticated side but some of it can impact the unauthenticated visitor.


    Disclosure date:  08/26/19

    CVE-2019-15720

    CloudBerry Backup v6.1.2.34 and possibly older versions are vulnerable to local privilege escalation via the Pre and Post backup action.  With only user level access, the user can modify the backup plan and add a Pre backup action script which executes on behalf of NT AUTHORITY\SYSTEM.

    CloudBerry Lab was notified of this vulnerability on 8/23/19 and acknowledged the issue in the subsequent days.


    If it hasn't been obvious from my latest round of posts, I've been trying to improve my bug hunting skills. Essentially, I've been finding applications with recently disclosed vulnerabilities, installing the current version, and then hunting for more vulnerabilities. My thinking is that if there's one recent bug, there are probably more.  At the very least, I should be able to find a cross site scripting vulnerability (XSS).

    XSS is the equivalent of hacker graffiti but if you can steal the session cookie, you can possibly turn that into session hijacking and / or cross site request forgery (CSRF). That makes things a little more interesting than just an alert message.

    I saw a recently discovered vulnerability in Kimai, which is a time tracking application. I fired up Kimai on a server and I started to poke around.


    Disclosure date:  08/19/19

    CVE-2019-15230

    LibreNMS v1.54 and possibly before are affected by numerous Cross Site Scripting vulnerabilities in the "Create User", "Inventory", "Add Device", "Notifications", "Alert Rule", "Create Maintenance", "Alert Template", and "Alert Template" sections of the admin console.  This could lead to cookie stealing and other malicious actions.  This vulnerability can be exploited with an authenticated account.


    © 2020 sevenlayers.com