{"id":23177,"date":"2020-12-09T09:53:04","date_gmt":"2020-12-09T01:53:04","guid":{"rendered":"https:\/\/web.mwwsb.com.my\/pjci\/?post_type=kb&p=23177"},"modified":"2023-01-18T11:36:10","modified_gmt":"2023-01-18T03:36:10","slug":"security-update-serendipity-1-7-8-update","status":"publish","type":"kb","link":"https:\/\/www.casbay.com\/guide\/kb\/security-update-serendipity-1-7-8-update","title":{"rendered":"SECURITY UPDATE: Serendipity 1.7.8 Update"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t

SECURITY UPDATE: Serendipity 1.7.8 Update\n<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"security\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

The Serendipity vulnerability was found by High-Tech Bridge SA Security Research Lab. Attackers often use the vulnerability to perform SQL injection attacks.\u00a0<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t

So, here is the issue happen in Serebdupity 1.7.8 Update:<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t

SQL injection in Serendipity<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

Before the 1.1 input is used in a SQL query, it is first passed to comment.php via the \u201curl\u201d GET parameter which is not sanitized properly. Therefore, it allows individuals to manipulate SQL queries. Moreover, they can carry out manipulation by injecting arbitrary SQL code.<\/p>

However, you can refer the following PoC (Proof of Concept) which demonstrates the vulnerability:<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t

http:\/\/[host]\/comment.php?<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t

type=trackback&entry_id=1&url=%27%20OR%20mid%28version%28%29,1,1%29=5%20\u2013%202<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t

Then, successful exploitation of this vulnerability needs that \u201cmagic_quotes_gpc\u201d to be off.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t

Solution:<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

Firstly, to solve this issue, we suggest you to upgrade to Serendipity 1.7.8<\/a><\/p>

Furthermore, if you need more information, please visit :<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t

Serendipity 1.6.2 released<\/a><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t

and<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t

GitHub of Serendipity<\/a><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t

**************************************************************************************************<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t

Vulnerability Description:\n<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

The Serendipity back end is prone to a Cross-Site Scripting and SQL-Injection vulnerability.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t

Solution:\n<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

Firstly, to solve the problem, it is necessary to upgrade to version 1.7.8<\/a>. To upgrade these scripts, go to your Control Panel -> Softaculous -> Installations.<\/p>

Then, you can update the scripts.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t

Credits:<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

For your information, the vulnerabilities is found and advisory is written by Stefan Schurtz (KORAMIS Security Team).<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t

Reference:\n<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t