BugTraq
Back to list
|
Post reply
[SCSA-011] Path Disclosure Vulnerability in XOOPS
Mar 20 2003 07:58PM
Grégory Le Bras (gregory lebras security-corporation com)
________________________________________________________________________
Security Corporation Security Advisory [SCSA-011]
________________________________________________________________________
PROGRAM: XOOPS
HOMEPAGE: http://www.xoops.org/
VULNERABLE VERSIONS: v2.0 (and prior ?)
________________________________________________________________________
DESCRIPTION
________________________________________________________________________
XOOPS is "a dynamic OO (Object Oriented) based open source portal script
written in PHP. XOOPS is the ideal tool for developing small to large
dynamic community websites,intra company portals, corporate portals,
weblogs and much more." (direct quote from XOOPS website)
DETAILS & EXPLOITS
________________________________________________________________________
¤ Details Path Disclosure :
A vulnerability have been found in XOOPS which allow attackers to determine
the physical path of the application.
This vulnerability would allow a remote user to determine the full path to
the web root directory and other potentially sensitive information.
This vulnerability can be triggered by a remote user submitting a
specially crafted HTTP request including invalid input to the
"$xoopsOption" variable.
¤ Exploits Path Disclosure :
http://[target]/index.php?xoopsOption=any_word
Affected files:
admin.php
edituser.php
footer.php
header.php
image.php
lostpass.php
pmlite.php
readpmsg.php
register.php
search.php
user.php
userinfo.php
viewpmsg.php
class/xoopsblock.php
modules/contact/index.php
modules/mydownloads/index.php
modules/mydownloads/brokenfile.php
modules/mydownloads/modfile.php
modules/mydownloads/ratefile.php
modules/mydownloads/singlefile.php
modules/mydownloads/submit.php
modules/mydownloads/topten.php
modules/mydownloads/viewcat.php
modules/mylinks/brokenlink.php
modules/mylinks/index.php
modules/mylinks/modlink.php
modules/mylinks/ratelink.php
modules/mylinks/singlelink.php
modules/mylinks/submit.php
modules/mylinks/topten.php
modules/mylinks/viewcat.php
modules/newbb/index.php
modules/newbb/search.php
modules/newbb/viewforum.php
modules/newbb/viewtopic.php
modules/news/archive.php
modules/news/article.php
modules/news/index.php
modules/sections/index.php
modules/system/admin.php
modules/xoopsfaq/index.php
modules/xoopsheadlines/index.php
modules/xoopsmembers/index.php
modules/xoopspartners/index.php
modules/xoopspartners/join.php
modules/xoopspoll/index.php
modules/xoopspoll/pollresults.php
SOLUTIONS
________________________________________________________________________
No solution for the moment.
VENDOR STATUS
________________________________________________________________________
The vendor has reportedly been notified.
LINKS
________________________________________________________________________
Version Française :
http://www.security-corporation.com/index.php?id=advisories&a=011-FR
------------------------------------------------------------------------
Grégory Le Bras aka GaLiaRePt | http://www.Security-Corporation.com
------------------------------------------------------------------------
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
________________________________________________________________________
Security Corporation Security Advisory [SCSA-011]
________________________________________________________________________
PROGRAM: XOOPS
HOMEPAGE: http://www.xoops.org/
VULNERABLE VERSIONS: v2.0 (and prior ?)
________________________________________________________________________
DESCRIPTION
________________________________________________________________________
XOOPS is "a dynamic OO (Object Oriented) based open source portal script
written in PHP. XOOPS is the ideal tool for developing small to large
dynamic community websites,intra company portals, corporate portals,
weblogs and much more." (direct quote from XOOPS website)
DETAILS & EXPLOITS
________________________________________________________________________
¤ Details Path Disclosure :
A vulnerability have been found in XOOPS which allow attackers to determine
the physical path of the application.
This vulnerability would allow a remote user to determine the full path to
the web root directory and other potentially sensitive information.
This vulnerability can be triggered by a remote user submitting a
specially crafted HTTP request including invalid input to the
"$xoopsOption" variable.
¤ Exploits Path Disclosure :
http://[target]/index.php?xoopsOption=any_word
Affected files:
admin.php
edituser.php
footer.php
header.php
image.php
lostpass.php
pmlite.php
readpmsg.php
register.php
search.php
user.php
userinfo.php
viewpmsg.php
class/xoopsblock.php
modules/contact/index.php
modules/mydownloads/index.php
modules/mydownloads/brokenfile.php
modules/mydownloads/modfile.php
modules/mydownloads/ratefile.php
modules/mydownloads/singlefile.php
modules/mydownloads/submit.php
modules/mydownloads/topten.php
modules/mydownloads/viewcat.php
modules/mylinks/brokenlink.php
modules/mylinks/index.php
modules/mylinks/modlink.php
modules/mylinks/ratelink.php
modules/mylinks/singlelink.php
modules/mylinks/submit.php
modules/mylinks/topten.php
modules/mylinks/viewcat.php
modules/newbb/index.php
modules/newbb/search.php
modules/newbb/viewforum.php
modules/newbb/viewtopic.php
modules/news/archive.php
modules/news/article.php
modules/news/index.php
modules/sections/index.php
modules/system/admin.php
modules/xoopsfaq/index.php
modules/xoopsheadlines/index.php
modules/xoopsmembers/index.php
modules/xoopspartners/index.php
modules/xoopspartners/join.php
modules/xoopspoll/index.php
modules/xoopspoll/pollresults.php
SOLUTIONS
________________________________________________________________________
No solution for the moment.
VENDOR STATUS
________________________________________________________________________
The vendor has reportedly been notified.
LINKS
________________________________________________________________________
Version Française :
http://www.security-corporation.com/index.php?id=advisories&a=011-FR
------------------------------------------------------------------------
Grégory Le Bras aka GaLiaRePt | http://www.Security-Corporation.com
------------------------------------------------------------------------
[ reply ]