Shopware 5.3.3: PHP Object Instantiation to Blind XXE

8 Nov 2017 by Karim El Ouerghemmi
Shopware Object Instantiation

Shopware is a popular e-commerce software. It is based on PHP using technologies like Symfony 2, Doctrine and the Zend Framework. The code base of its open source community edition encompasses over 690,000 lines of code which we scanned for security vulnerabilities with our RIPS static code analyzer.

The analysis of this complex code base took roughly 4 minutes. RIPS discovered two vulnerabilities: a PHP object instantiation and a SQL injection which we disclosed to the vendor and were fixed in version 5.3.4. In this blog post we investigate the rare object instantiation vulnerability. We describe how it can occur and how it can be exploited by an attacker in order to retrieve arbitrary files from the server.

Read More ...

Security Analysis with Bamboo Plugin

25 Oct 2017 by Martin Bednorz

RIPS Bamboo Integration

Bamboo is a widely used software that enables continuous integration, deployment, and delivery of software applications. It is developed by the Australian company Atlassian that is also well known for their products JIRA and BitBucket. This blog post introduces our Bamboo integration and how it can be used to continuously analyze your PHP application with RIPS. By automatically detecting and warning about security issues, your production server can be protected from new vulnerabilities.

Read More ...

flatCore CMS 1.4.6: Remote Code Execution and Easteregg

17 Oct 2017 by Dennis Detering
flatCore CMS

flatCore is a lightweight Content Management System (CMS) based on PHP and SQLite. It is designed to be as minimalistic as possible, but can be easily extended by its modular structure. We tested the latest stable version 1.4.6 with RIPS and detected, among others, a critical persistent cross-site scripting vulnerability that can be used by an unauthenticated adversary to attack administrators and to execute PHP code on the web server. Further, we found an interesting easteregg.

Read More ...

Joomla! 3.7.5 - Takeover in 20 Seconds with LDAP Injection

20 Sep 2017 by Dr. Johannes Dahse, Robin Peraglie

With over 84 million downloads, Joomla! is one of the most popular content management systems in the World Wide Web. It powers about 3.3% of all websites’ content and articles. Our code analysis solution RIPS detected a previously unknown LDAP injection vulnerability in the login controller. This one vulnerability could allow remote attackers to leak the super user password with blind injection techniques and to fully take over any Joomla! <= 3.7.5 installation within seconds that uses LDAP for authentication. Joomla! has fixed the vulnerability in the latest version 3.8.

Read More ...

SugarCRM's Security Diet - Multiple Vulnerabilities

14 Sep 2017 by Robin Peraglie
SugarCRM Security

SugarCRM is one of the most popular customer relationship management solutions. It is available as a commercial edition and as an open-source community edition and is used by more than 2 million individuals in over 120 countries to manage sensitive customer data 1. Lately its security attracted attention after a researcher reported multiple security issues in the code 2. As a result, a new version of SugarCRM was released.

We wanted to check what our automated code analysis technology RIPS would find after the recent manual audit and how it could contribute to the security. As a result, critical issues were uncovered that could allow attackers to steal customer data or sensitive files from the server.

Read More ...