lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 28 Mar 2003 11:13:57 -0000
From: "Grégory" Le Bras <gregory.lebras@...urity-corporation.com>
To: bugtraq@...urityfocus.com
Subject: Re: [SCSA-011] Path Disclosure Vulnerability in XOOPS


In-Reply-To: <20030320195855.20555.qmail@....securityfocus.com>

You can fix the path disclosure problem by adding this code in all the 
affected files :

---snip---
error_reporting(0); 
---snip---

Greetz : Magistrat (http://www.blocus-zone.com)




>From: "Grégory" Le Bras <gregory.lebras@...urity-corporation.com>
>To: bugtraq@...urityfocus.com
>Subject: [SCSA-011] Path Disclosure Vulnerability in XOOPS
>
>
>
>________________________________________________________________________
>
>Security Corporation Security Advisory [SCSA-011]
>________________________________________________________________________
>
>PROGRAM: XOOPS
>HOMEPAGE: http://www.xoops.org/
>VULNERABLE VERSIONS: v2.0 (and prior ?)
>________________________________________________________________________
>
>DESCRIPTION
>________________________________________________________________________
>
>XOOPS is "a dynamic OO (Object Oriented) based open source portal script
>written in PHP. XOOPS is the ideal tool for developing small to large
>dynamic community websites,intra company portals, corporate portals,
>weblogs and much more." (direct quote from XOOPS website)
>
>
>DETAILS & EXPLOITS
>________________________________________________________________________
>
>¤ Details Path Disclosure :
>
>A vulnerability have been found in XOOPS which allow attackers to 
determine
>the physical path of the application.
>
>This vulnerability would allow a remote user to determine the full path to
>the web root directory and other potentially sensitive information.
>This vulnerability can be triggered by a remote user submitting a
>specially crafted HTTP request including invalid input to the
>"$xoopsOption" variable.
>
>¤ Exploits Path Disclosure :
>
>http://[target]/index.php?xoopsOption=any_word
>
>Affected files:
>admin.php
>edituser.php
>footer.php
>header.php
>image.php
>lostpass.php
>pmlite.php
>readpmsg.php
>register.php
>search.php
>user.php
>userinfo.php
>viewpmsg.php
>class/xoopsblock.php
>modules/contact/index.php
>modules/mydownloads/index.php
>modules/mydownloads/brokenfile.php
>modules/mydownloads/modfile.php
>modules/mydownloads/ratefile.php
>modules/mydownloads/singlefile.php
>modules/mydownloads/submit.php
>modules/mydownloads/topten.php
>modules/mydownloads/viewcat.php
>modules/mylinks/brokenlink.php
>modules/mylinks/index.php
>modules/mylinks/modlink.php
>modules/mylinks/ratelink.php
>modules/mylinks/singlelink.php
>modules/mylinks/submit.php
>modules/mylinks/topten.php
>modules/mylinks/viewcat.php
>modules/newbb/index.php
>modules/newbb/search.php
>modules/newbb/viewforum.php
>modules/newbb/viewtopic.php
>modules/news/archive.php
>modules/news/article.php
>modules/news/index.php
>modules/sections/index.php
>modules/system/admin.php
>modules/xoopsfaq/index.php
>modules/xoopsheadlines/index.php
>modules/xoopsmembers/index.php
>modules/xoopspartners/index.php
>modules/xoopspartners/join.php
>modules/xoopspoll/index.php
>modules/xoopspoll/pollresults.php
>
>SOLUTIONS
>________________________________________________________________________
>
>No solution for the moment.
>
>
>VENDOR STATUS
>________________________________________________________________________
>
>The vendor has reportedly been notified.
>
>
>LINKS
>________________________________________________________________________
>
>Version Française :
>http://www.security-corporation.com/index.php?id=advisories&a=011-FR
>
>
>------------------------------------------------------------------------
>Grégory Le Bras aka GaLiaRePt | http://www.Security-Corporation.com
>------------------------------------------------------------------------
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ