CMSLogik 1.2.1 (user param) User Enumeration Weakness
Advisory ID: ZSL-2013-5137
Type: Local/Remote
Impact: Exposure of sensitive information
Risk: (1/5)
Release Date: 14.04.2013
Summary
CMSLogik is built on a solid & lightweight framework called CodeIgniter, with a design powered by Bootstrap. This combination allows for greater security, extensive flexibility, and ease of use. You can use CMSLogik for almost any niche that your project might fall into.
Description
The weakness is caused by the 'unique_username_ajax' script enumerating the list of valid usernames when some characters are provided via the 'user' parameter.
Vendor
ThemeLogik - http://www.themelogik.com/cmslogik
Affected Version
1.2.1 and 1.2.0
Tested On
Router Webserver
Vendor Status
[05.04.2013] Vulnerability discovered.
[05.04.2013] Contact with the vendor.
[05.04.2013] Vendor replies asking for more details.
[05.04.2013] Sent detailed information to the vendor.
[08.04.2013] Vendor confirms the issues, promising a patch.
[14.04.2013] Public security advisory released.
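As an added defensive example (not part of the advisory and not the vendor's code), the following Python script scans constructed Apache access-log lines for the pattern the Description implies: one client sending many distinct 'user' values to the unique_username_ajax script, which is what a name-harvesting loop looks like next to a visitor checking one or two names on a registration form. The /ajax/ URL prefix, client addresses, usernames and the threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Apache "combined" log format: client IP, timestamp, request line, status, size, referer, agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*"$'
)

# Constructed sample lines. The script name 'unique_username_ajax' and the 'user'
# parameter come from the advisory; the /ajax/ prefix, client addresses and
# usernames are made up for this example.
SAMPLE_LOG = """\
198.51.100.7 - - [14/Apr/2013:10:00:01 +0000] "GET /ajax/unique_username_ajax?user=a HTTP/1.1" 200 18 "-" "curl/7.29"
198.51.100.7 - - [14/Apr/2013:10:00:01 +0000] "GET /ajax/unique_username_ajax?user=b HTTP/1.1" 200 18 "-" "curl/7.29"
198.51.100.7 - - [14/Apr/2013:10:00:02 +0000] "GET /ajax/unique_username_ajax?user=c HTTP/1.1" 200 18 "-" "curl/7.29"
198.51.100.7 - - [14/Apr/2013:10:00:02 +0000] "GET /ajax/unique_username_ajax?user=d HTTP/1.1" 200 18 "-" "curl/7.29"
198.51.100.7 - - [14/Apr/2013:10:00:03 +0000] "GET /ajax/unique_username_ajax?user=e HTTP/1.1" 200 18 "-" "curl/7.29"
203.0.113.4 - - [14/Apr/2013:10:00:05 +0000] "GET /ajax/unique_username_ajax?user=bob HTTP/1.1" 200 18 "-" "Mozilla/5.0"
203.0.113.4 - - [14/Apr/2013:10:00:09 +0000] "GET /ajax/unique_username_ajax?user=bob2 HTTP/1.1" 200 18 "-" "Mozilla/5.0"
203.0.113.4 - - [14/Apr/2013:10:00:20 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
not a log line at all
"""

def probes_per_client(log_text):
    """Map client IP -> set of distinct 'user' values sent to unique_username_ajax.
    Other paths, requests without a 'user' parameter and unparsable lines are ignored."""
    probes = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("/unique_username_ajax"):
            continue
        for value in parse_qs(parts.query).get("user", []):
            probes[m.group("ip")].add(value)
    return probes

def flag_enumeration(log_text, threshold=4):
    """Return sorted (ip, distinct_probe_count) pairs reaching the threshold.
    Distinct values per client is the signal: a registration form visitor checks one
    or two names, an enumeration loop walks many. The threshold is an assumed tunable."""
    return sorted((ip, len(users)) for ip, users in probes_per_client(log_text).items()
                  if len(users) >= threshold)
```

Run against real logs, tune the threshold to the site's normal registration traffic and add a time window if the log spans more than a few minutes.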
PoC
cmslogik_enum.py
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://cxsecurity.com/issue/WLB-2013040104
[2] http://www.exploit-db.com/exploits/24959/
[3] http://packetstormsecurity.com/files/121304
[4] http://osvdb.org/show/osvdb/92321
[5] http://secunia.com/advisories/53037/
Changelog
[14.04.2013] - Initial release
[15.04.2013] - Added reference [1] and [2]
[16.04.2013] - Added reference [3] and [4]
[19.04.2013] - Added reference [5]
Contact
Zero Science Lab
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk