It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

ATS Site Vulnerabilities

page: 1
6

log in

join
share:

posted on Sep, 22 2020 @ 05:14 PM
link   
Was checking out this tool from shodan.io showing open ports for a given IP address. For fun, I decided to check out ATS. Well, turns out ATS has a staggeringly long list of current vulnerabilities, some dating back 10 years or more.



CVE-2018-10549 An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '�' character.

CVE-2014-5459 The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions.

CVE-2010-4645 strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308


[removed excessive quoting]


Continued
edit on Tue Sep 22 2020 by DontTreadOnMe because: (no reason given)




posted on Sep, 22 2020 @ 05:15 PM
link   
[removed excessive quoting]
edit on Tue Sep 22 2020 by DontTreadOnMe because: (no reason given)



posted on Sep, 22 2020 @ 05:16 PM
link   
IMPORTANT: Using Content From Other Websites on ATS
Posting work written by others
edit on Tue Sep 22 2020 by DontTreadOnMe because: (no reason given)



posted on Sep, 22 2020 @ 05:17 PM
link   
IMPORTANT: Using Content From Other Websites on ATS
Posting work written by others
edit on Tue Sep 22 2020 by DontTreadOnMe because: (no reason given)



posted on Sep, 22 2020 @ 05:19 PM
link   
[removed excessive quoting]

Phew, end of the list..finally

Some of these are pretty scary, there's buffer overflows a plenty, tons of opportunities for remote code execution, account escalation exploit vulnerabilities and even unauthorized file system access.
edit on 22/9/2020 by dug88 because: (no reason given)

edit on Tue Sep 22 2020 by DontTreadOnMe because: (no reason given)



posted on Sep, 22 2020 @ 05:25 PM
link   
a reply to: dug88

What version of php is the site running? Im too lazy to get on my puter to check.



posted on Sep, 22 2020 @ 05:28 PM
link   
a reply to: drewlander

Nvm. 5.3. Thats crazy. Deprecated for a long time now.



posted on Sep, 22 2020 @ 05:28 PM
link   
a reply to: drewlander

It's in the link, but


Apache httpd

HTTP/1.1 200 OK Date: Mon, 21 Sep 2020 21:26:06 GMT Server: Apache X-Powered-By: PHP/5.3.3 refresh: 360; url=index.php Cache-Control: no-store, no-cache, must-revalidate, max-age=0, max-age=2592000 Cache-Control: post-check=0, pre-check=0 Pragma: no-cache Expires: Wed, 21 Oct 2020 21:26:06 GMT Vary: Accept-Encoding Connection: keep-alive, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8


A pretty darn old version, one listed in many of these.
edit on 22/9/2020 by dug88 because: (no reason given)



posted on Sep, 22 2020 @ 05:29 PM
link   
a reply to: dug88

How is a ATS's vulnerability ranked amongst internet sites? What grade does it receive?



posted on Sep, 22 2020 @ 05:47 PM
link   
a reply to: carewemust

Taken at face value it would be pretty bad but i don't think some of the enabled modules are even used, so probably not as bad as it seems. Take the socket.c cve for instance - this site does not upgrade my connection to ws://, so there is probably no listener and it means nothing. All shodan did was look at php version and modules enabled it seems. Windows cve is probably meaningless too.

Just dont store your bank info on this site and you will be fine.
edit on 22-9-2020 by drewlander because: (no reason given)



posted on Sep, 22 2020 @ 05:50 PM
link   
a reply to: drewlander

Understood. Thank you for the detailed reply.




posted on Sep, 22 2020 @ 06:44 PM
link   
a reply to: dug88

I suppose you noticed the note at the top of the results:


Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.


Edited to add that, for example, for a server I manage, it says that FTP has two vulnerabilities, but the server doesn't even have FTP working.
edit on 22/9/2020 by ArMaP because: (no reason given)



posted on Sep, 22 2020 @ 07:10 PM
link   

originally posted by: carewemust
a reply to: dug88

How is a ATS's vulnerability ranked amongst internet sites? What grade does it receive?



You're more anonymous on Facebook.



posted on Sep, 22 2020 @ 08:59 PM
link   
a reply to: ArMaP

Yeah exactly. I didnt even bother with looking at shodan but I have other utilities installed locally I can use to see whats really going on if I was interested. After I got to thinking about later this evening I pretty much concluded shodan spit out a list of vulnerabilities that were never patched in that version of php and will never be patched cuz 5.3 is long past EOL. Even 5.6 is past EOL now.



new topics

top topics



 
6

log in

join