| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 22 Jul 2008 16:48:39 +0100 From: ProCheckUp Research <research@...checkup.com> To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk Subject: PR08-15: Several Webroot Disclosures on Moodle -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PR08-15: Several Webroot Disclosures on Moodle Vulnerability found: 20/06/2008 Vendor informed: 25/06/2008 Vulnerability fixed: 16/07/2008 Advisory publicly released: 22/07/2008 Severity: Low Description: Moodle 1.6.5 is vulnerable to several webroot disclosures. No authentication is required to obtain the webroot paths. Proof of concept: Requested URL: https://moodle.target.ac.uk/blog/blogpage.php Response: Fatal error: Class 'page_base' not found in /Volumes/<dir_name>/data/moodle/blog/blogpage.php on line 9 Requested URL: https://moodle.target.ac.uk/course/report/stats/report.php Response: Fatal error: Call to undefined function get_courses() in /Volumes/<dir_name>/data/moodle/course/report/stats/report.php on line 3 Tested environment: Server: Apache/2.2.2 (Unix) PHP/5.2.1 mod_ssl/2.2.2 OpenSSL/0.9.7l Moodle 1.6.5 + (2006050550) Note: Moodle reveals its version within HTML source code. i.e.: <a title="moodle 1.6.5 + (2006050550)" href="http://moodle.org/"> Consequences: Information about the target environment can be extracted. Fix: Disable display_errors in PHP configuration; A new warning for administrators has been added in versions 1.8.6 and 1.9.2. This issue has been tracked as MDL-15413. References: http://moodle.org/mod/forum/discuss.php?d=101403 http://www.procheckup.com/Vulnerabilities.php Credits: Richard Brain of ProCheckUp Ltd. (www.procheckup.com) ProCheckUp would like to thank Petr Skoda and the rest of the Moodle team for their excellent response time and cooperation towards resolving this matter. Legal: Copyright 2008 Procheckup Ltd. All rights reserved. Permission is granted for copying and circulating this Bulletin to the Internet community for the purpose of alerting them to problems, if and only if, the Bulletin is not edited or changed in any way, is attributed to Procheckup, and provided such reproduction and/or distribution is performed for non-commercial purposes. Any other use of this information is prohibited. Procheckup is not liable for any misuse of this information by any third party. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFIhgFXoR/Hvsj3i8sRAiiyAJ0U1ByjcRrL0jtUbi6kGH8ufyFwfgCbBLWb ddim9D9v6Zfdp1l9bsVtBG0= =L9ID -----END PGP SIGNATURE-----
Powered by blists - more mailing lists