#Gambio

2024-05-03

Our #usdHeroLab professionals have uncovered a vulnerability in the online store software #Gambio during their #pentests.

Our analysts discovered a vulnerability in the password reset functionality. Exploiting this vulnerability would enable an attacker to change the password for any account and take over, for example, the administrator account of the application.

The vulnerability was reported to the vendor under the Responsible Disclosure Policy.

👉 More details: herolab.usd.de/en/security-adv

2024-01-22

Our #usdHeroLab #Pentest professionals analyzed #Gambio during their pentests.
1⃣Vulnerability Type: several vulnerabilities with partly high risk
🚨Security Risk: Critical
🧵👇 More Details

🧐Gambio is a software designed for running online shops. It provides various features and tools to help businesses manage their inventory, process orders, and handle customer interactions.

The identified vulnerabilities allowed unauthenticated attackers to execute code on the underlying system, because the application deserializes untrusted data. Other vulnerabilities allowed unauthenticated attackers to perform SQL injection attacks to extract data from the database. Also the application stores the passwords provided during the installation process in cleartext.

The vulnerability was reported to the vendor under the Responsible Disclosure Policy. More information can be found here 🧑‍💻👩‍💻 👇
herolab.usd.de/en/security-adv

2022-12-02

@SonarResearch Reminds me of a slightly different exploitable bug in #Gambio's password reset which I had discovered (probably not been the first one).

They used mt_srand with only 1000000 possible seeds based on time to generate the password reset token. Might have been possible to predict it based on time (did not work out so well) or brute-force it with educated guesses (noisy, slow), but the code did worse:

When sending the token it generated a captcha which was based on the same #PRNG sequence. Requesting the captcha manually, one could solve it offline to find the PRNG seed which was also used to generate the password reset token.

This wasn't the 90's, but I saw it still in use in 2020. Later versions fixed this in different ways, for example by using a stronger RNG without using a bad seed.
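The weak pattern described in this post beside a hardened replacement, as an added PHP illustration that is not Gambio's own code; the function names, the token and captcha lengths, and the seed derivation are assumptions:

```php
<?php
// Added illustration, not Gambio's code. Names and lengths are assumptions.

// WEAK: a clock-derived seed gives at most 1,000,000 distinct mt_rand() sequences,
// and the captcha is drawn from the same sequence as the reset token, so anyone
// who sees the captcha can search the seed space offline and replay the token.
function weakResetArtifacts(): array
{
    // seed limited to 0..999999 (assumed: microsecond part of the clock)
    mt_srand((int) (microtime(true) * 1000000) % 1000000);
    $token = '';
    for ($i = 0; $i < 16; $i++) {
        $token .= dechex(mt_rand(0, 15));
    }
    $captcha = '';
    for ($i = 0; $i < 5; $i++) {
        $captcha .= chr(mt_rand(ord('A'), ord('Z')));   // later outputs of the same stream
    }
    return ['token' => $token, 'captcha' => $captcha];
}

// HARDENED: token from the CSPRNG, only its hash is persisted, and the
// captcha takes its own independent randomness.
function issueResetToken(): array
{
    $token = bin2hex(random_bytes(32));                 // 256 bits, unpredictable
    return [
        'token'      => $token,                         // sent to the user once
        'token_hash' => hash('sha256', $token),         // store this, not the token
        'expires_at' => time() + 900,                   // 15-minute lifetime
    ];
}

function verifyResetToken(string $presented, array $stored, int $now): bool
{
    if ($now >= $stored['expires_at']) {
        return false;
    }
    // constant-time comparison of hashes avoids a timing side channel
    return hash_equals($stored['token_hash'], hash('sha256', $presented));
}

function captchaText(): string
{
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ';
    $out = '';
    for ($i = 0; $i < 5; $i++) {
        $out .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $out;
}
```

A regression check for the weak variant is to call `weakResetArtifacts()` twice within the same microsecond window and observe identical output, which can never happen with `issueResetToken()`.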

2022-10-13

#Google_Fonts
#lokal_einbinden

Google Fonts wave of cease-and-desist letters! Protect yourself with a guide to local embedding
by Thomas Josef Zieba
(with links on embedding via #Shopware, #Wordpress, #Wix, #Gambio, #Jimdo)

legal.trustedshops.com/blog/go
