Secunia Research: Sharetronix Two PHP Code Injection Vulnerabilities

======================================================================
 
                    Secunia Research 05/12/2013

         Sharetronix Two PHP Code Injection Vulnerabilities

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

======================================================================
1) Affected Software

* Sharetronix 3.1.1

NOTE: Other versions may also be affected.

======================================================================
2) Severity 

Rating: Highly critical
Impact: System access
Where:  From remote

====================================================================== 
3) Vendor's Description of Software 

"Sharetronix is a Secure Social Network for Your Company.
Collaborate with Your Coworkers, Clients, and Partners."

Product Link:
http://sharetronix.com/ 

======================================================================
4) Description of Vulnerability

Secunia Research has discovered two vulnerabilities in Sharetronix,
which can be exploited by malicious users to compromise a vulnerable
system.

1) Input passed via the "activities_text" POST parameter to
/services/activities/set is not properly sanitised before being used
in a call to the "preg_replace()" function with the "e" modifier in
the /system/classes/class_post.php script. This can be exploited to
inject and execute arbitrary PHP code.

2) Input passed via the "comments_text" POST parameter to
/services/comments/set is not properly sanitised before being used in
a call to the "preg_replace()" function with the "e" modifier in the
/system/classes/class_postcomment.php script. This can be exploited
to inject and execute arbitrary PHP code.
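As an added illustration (this is not Sharetronix's code, which the advisory does not reproduce), the hypothetical PHP below shows the construct the advisory describes, a preg_replace() call whose "e" modifier evaluates the replacement as PHP with untrusted matched text substituted in, beside its safe replacement using preg_replace_callback(), plus a small check a code auditor can run over pattern strings to flag the modifier:

```php
<?php
// Hypothetical "mention" linkifier of the kind a social platform might use.
// VULNERABLE PATTERN: with the "e" modifier, preg_replace() evaluates the
// replacement string as PHP after substituting the captured groups into it,
// so text from the untrusted subject reaches eval() with only addslashes()
// applied. The modifier was deprecated in PHP 5.5 and removed in PHP 7.0
// (there the call warns and returns NULL).
function linkify_mentions_vulnerable($text) {
    return preg_replace(
        '/@(\w+)/e',
        '"<a href=\"/user/" . strtolower("$1") . "\">@$1</a>"',
        $text
    );
}

// HARDENED: preg_replace_callback() hands the match to a real PHP function;
// nothing is evaluated, and the captured text is treated as data and
// HTML-escaped before it is placed in the output.
function linkify_mentions_safe(string $text): string {
    return preg_replace_callback(
        '/@(\w+)/',
        function (array $m): string {
            $name = htmlspecialchars(strtolower($m[1]), ENT_QUOTES, 'UTF-8');
            return '<a href="/user/' . $name . '">@' . $name . '</a>';
        },
        htmlspecialchars($text, ENT_QUOTES, 'UTF-8')
    );
}

// Audit helper: true if a PCRE pattern string carries the "e" modifier.
// Handles the usual single-character delimiters and the bracket pairs
// PCRE accepts; modifiers are whatever follows the closing delimiter.
function pattern_uses_e_modifier(string $pattern): bool {
    $pattern = ltrim($pattern);
    if ($pattern === '') {
        return false;
    }
    $open  = $pattern[0];
    $pairs = ['(' => ')', '[' => ']', '{' => '}', '<' => '>'];
    $close = $pairs[$open] ?? $open;
    $end   = strrpos($pattern, $close);
    if ($end === false || $end === 0) {
        return false;
    }
    return strpos(substr($pattern, $end + 1), 'e') !== false;
}

var_dump(pattern_uses_e_modifier('/@(\w+)/e'));  // bool(true)
var_dump(pattern_uses_e_modifier('/@(\w+)/'));   // bool(false)
echo linkify_mentions_safe('hello @Alice'), PHP_EOL;
```

Running pattern_uses_e_modifier() over every preg_replace() pattern in a code base (or simply grepping for the modifier) is the quickest way to find the construct; migrating each hit to preg_replace_callback() removes the eval() path entirely.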

======================================================================
5) Solution 

No official solution is currently available.

======================================================================
6) Time Table 

06/11/2013 - Vendor notified.
06/11/2013 - Vendor response stating
             "Please immediately cease and desist all such
              communications."
05/12/2013 - Public disclosure.

======================================================================
7) Credits 

Discovered by Egidio Romano, Secunia Research.

======================================================================
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned
the CVE-2013-5352 identifier for the vulnerabilities.
 
======================================================================
9) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and to private
individuals who are interested in or concerned about IT security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to help improve the
security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

======================================================================
10) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2013-8/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================