BugTraq
Back to list
|
Post reply
Re: [SCSA-011] Path Disclosure Vulnerability in XOOPS
Mar 28 2003 11:13AM
Grégory Le Bras (gregory lebras security-corporation com)
In-Reply-To: <20030320195855.20555.qmail (at) www.securityfocus (dot) com [email concealed]>
You can fix the path disclosure problem by adding this code in all the
affected files :
---snip---
error_reporting(0);
---snip---
Greetz : Magistrat (http://www.blocus-zone.com)
>From: "Grégory" Le Bras <gregory.lebras (at) security-corporation (dot) com [email concealed]>
>To: bugtraq (at) securityfocus (dot) com [email concealed]
>Subject: [SCSA-011] Path Disclosure Vulnerability in XOOPS
>
>
>
>_______________________________________________________________________
_
>
>Security Corporation Security Advisory [SCSA-011]
>_______________________________________________________________________
_
>
>PROGRAM: XOOPS
>HOMEPAGE: http://www.xoops.org/
>VULNERABLE VERSIONS: v2.0 (and prior ?)
>_______________________________________________________________________
_
>
>DESCRIPTION
>_______________________________________________________________________
_
>
>XOOPS is "a dynamic OO (Object Oriented) based open source portal script
>written in PHP. XOOPS is the ideal tool for developing small to large
>dynamic community websites,intra company portals, corporate portals,
>weblogs and much more." (direct quote from XOOPS website)
>
>
>DETAILS & EXPLOITS
>_______________________________________________________________________
_
>
>¤ Details Path Disclosure :
>
>A vulnerability have been found in XOOPS which allow attackers to
determine
>the physical path of the application.
>
>This vulnerability would allow a remote user to determine the full path to
>the web root directory and other potentially sensitive information.
>This vulnerability can be triggered by a remote user submitting a
>specially crafted HTTP request including invalid input to the
>"$xoopsOption" variable.
>
>¤ Exploits Path Disclosure :
>
>http://[target]/index.php?xoopsOption=any_word
>
>Affected files:
>admin.php
>edituser.php
>footer.php
>header.php
>image.php
>lostpass.php
>pmlite.php
>readpmsg.php
>register.php
>search.php
>user.php
>userinfo.php
>viewpmsg.php
>class/xoopsblock.php
>modules/contact/index.php
>modules/mydownloads/index.php
>modules/mydownloads/brokenfile.php
>modules/mydownloads/modfile.php
>modules/mydownloads/ratefile.php
>modules/mydownloads/singlefile.php
>modules/mydownloads/submit.php
>modules/mydownloads/topten.php
>modules/mydownloads/viewcat.php
>modules/mylinks/brokenlink.php
>modules/mylinks/index.php
>modules/mylinks/modlink.php
>modules/mylinks/ratelink.php
>modules/mylinks/singlelink.php
>modules/mylinks/submit.php
>modules/mylinks/topten.php
>modules/mylinks/viewcat.php
>modules/newbb/index.php
>modules/newbb/search.php
>modules/newbb/viewforum.php
>modules/newbb/viewtopic.php
>modules/news/archive.php
>modules/news/article.php
>modules/news/index.php
>modules/sections/index.php
>modules/system/admin.php
>modules/xoopsfaq/index.php
>modules/xoopsheadlines/index.php
>modules/xoopsmembers/index.php
>modules/xoopspartners/index.php
>modules/xoopspartners/join.php
>modules/xoopspoll/index.php
>modules/xoopspoll/pollresults.php
>
>SOLUTIONS
>_______________________________________________________________________
_
>
>No solution for the moment.
>
>
>VENDOR STATUS
>_______________________________________________________________________
_
>
>The vendor has reportedly been notified.
>
>
>LINKS
>_______________________________________________________________________
_
>
>Version Française :
>http://www.security-corporation.com/index.php?id=advisories&a=011-FR
>
>
>-----------------------------------------------------------------------
-
>Grégory Le Bras aka GaLiaRePt | http://www.Security-Corporation.com
>-----------------------------------------------------------------------
-
>
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
You can fix the path disclosure problem by adding this code in all the
affected files :
---snip---
error_reporting(0);
---snip---
Greetz : Magistrat (http://www.blocus-zone.com)
>From: "Grégory" Le Bras <gregory.lebras (at) security-corporation (dot) com [email concealed]>
>To: bugtraq (at) securityfocus (dot) com [email concealed]
>Subject: [SCSA-011] Path Disclosure Vulnerability in XOOPS
>
>
>
>_______________________________________________________________________
_
>
>Security Corporation Security Advisory [SCSA-011]
>_______________________________________________________________________
_
>
>PROGRAM: XOOPS
>HOMEPAGE: http://www.xoops.org/
>VULNERABLE VERSIONS: v2.0 (and prior ?)
>_______________________________________________________________________
_
>
>DESCRIPTION
>_______________________________________________________________________
_
>
>XOOPS is "a dynamic OO (Object Oriented) based open source portal script
>written in PHP. XOOPS is the ideal tool for developing small to large
>dynamic community websites,intra company portals, corporate portals,
>weblogs and much more." (direct quote from XOOPS website)
>
>
>DETAILS & EXPLOITS
>_______________________________________________________________________
_
>
>¤ Details Path Disclosure :
>
>A vulnerability have been found in XOOPS which allow attackers to
determine
>the physical path of the application.
>
>This vulnerability would allow a remote user to determine the full path to
>the web root directory and other potentially sensitive information.
>This vulnerability can be triggered by a remote user submitting a
>specially crafted HTTP request including invalid input to the
>"$xoopsOption" variable.
>
>¤ Exploits Path Disclosure :
>
>http://[target]/index.php?xoopsOption=any_word
>
>Affected files:
>admin.php
>edituser.php
>footer.php
>header.php
>image.php
>lostpass.php
>pmlite.php
>readpmsg.php
>register.php
>search.php
>user.php
>userinfo.php
>viewpmsg.php
>class/xoopsblock.php
>modules/contact/index.php
>modules/mydownloads/index.php
>modules/mydownloads/brokenfile.php
>modules/mydownloads/modfile.php
>modules/mydownloads/ratefile.php
>modules/mydownloads/singlefile.php
>modules/mydownloads/submit.php
>modules/mydownloads/topten.php
>modules/mydownloads/viewcat.php
>modules/mylinks/brokenlink.php
>modules/mylinks/index.php
>modules/mylinks/modlink.php
>modules/mylinks/ratelink.php
>modules/mylinks/singlelink.php
>modules/mylinks/submit.php
>modules/mylinks/topten.php
>modules/mylinks/viewcat.php
>modules/newbb/index.php
>modules/newbb/search.php
>modules/newbb/viewforum.php
>modules/newbb/viewtopic.php
>modules/news/archive.php
>modules/news/article.php
>modules/news/index.php
>modules/sections/index.php
>modules/system/admin.php
>modules/xoopsfaq/index.php
>modules/xoopsheadlines/index.php
>modules/xoopsmembers/index.php
>modules/xoopspartners/index.php
>modules/xoopspartners/join.php
>modules/xoopspoll/index.php
>modules/xoopspoll/pollresults.php
>
>SOLUTIONS
>_______________________________________________________________________
_
>
>No solution for the moment.
>
>
>VENDOR STATUS
>_______________________________________________________________________
_
>
>The vendor has reportedly been notified.
>
>
>LINKS
>_______________________________________________________________________
_
>
>Version Française :
>http://www.security-corporation.com/index.php?id=advisories&a=011-FR
>
>
>-----------------------------------------------------------------------
-
>Grégory Le Bras aka GaLiaRePt | http://www.Security-Corporation.com
>-----------------------------------------------------------------------
-
>
[ reply ]