lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <00e601c3034f$f930cad0$0300a8c0@goliath>
From: gregory.lebras at security-corporation.com (Gregory Le Bras | Security Corporation)
Subject: [SCSA-016] Multiple vulnerabilities in  Ez publish

Here a log of errors :

Exploit : http://localhost/kernel/class/delete.php

Errors :

Warning: main(kernel/classes/ezcontentclass.php) [function.main]: failed to
create stream: No such file or directory in c:\program files\ez
systems\ezpublish\kernel\class\delete.php on line 36

Warning: main() [function.main]: Failed opening
'kernel/classes/ezcontentclass.php' for inclusion
(include_path='.;c:\php4\pear') in c:\program files\ez
systems\ezpublish\kernel\class\delete.php on line 36

Warning: main(lib/ezutils/classes/ezhttppersistence.php) [function.main]:
failed to create stream: No such file or directory in c:\program files\ez
systems\ezpublish\kernel\class\delete.php on line 37

Warning: main() [function.main]: Failed opening
'lib/ezutils/classes/ezhttppersistence.php' for inclusion
(include_path='.;c:\php4\pear') in c:\program files\ez
systems\ezpublish\kernel\class\delete.php on line 37

Warning: main(kernel/classes/ezcontentclassclassgroup.php) [function.main]:
failed to create stream: No such file or directory in c:\program files\ez
systems\ezpublish\kernel\class\delete.php on line 38

Warning: main() [function.main]: Failed opening
'kernel/classes/ezcontentclassclassgroup.php' for inclusion
(include_path='.;c:\php4\pear') in c:\program files\ez
systems\ezpublish\kernel\class\delete.php on line 38

Fatal error: Undefined class name 'ezcontentclass' in c:\program files\ez
systems\ezpublish\kernel\class\delete.php on line 49

Note that the php.ini file is not present in the installation by default of
Ez Publish, that is why I did not use
display_errors = Off
Log_errors = One.

Best Regards,

-------
Gregory LEBRAS
Chief Executive Officer
Security Corporation

www.security-corporation.com

----- Original Message -----
From: "Melvyn Sopacua" <msopacua@....nl>
To: "Gregory Le Bras | Security Corporation"
<gregory.lebras@...urity-corporation.com>
Cc: "Full Disclosure Mailing List" <full-disclosure@...ts.netsys.com>
Sent: Tuesday, April 15, 2003 2:54 PM
Subject: Re: [Full-Disclosure] [SCSA-016] Multiple vulnerabilities in Ez
publish


At 13:28 4/15/2003, Gregory Le Bras | Security Corporation wrote:

[ ... ]

>? Path Disclosure :
>
>You can fix the path disclosure problem by adding this code in
>all the affected files :
>
>-------CUT-------
>
>error_reporting(0);
>
>-------CUT-------

Yeah, that'll help - you won't even be able to get a log of errors, like
'unlink() failed', when somebody found a way to delete files.

Please use:
display_errors  = Off
log_errors = On
in your php.ini (should be so on production servers anyways).

Or in the code:
ini_set('display_errors', FALSE);
ini_set('log_errors', TRUE);

If this product (haven't looked at it), uses it's own error handler
routine and doesn't respect these settings, this is worth mentioning
explicitely and even better, provide a patch for the alternate
error handler.

It is hardly ever good advice to turn of error logging.


Met vriendelijke groeten / With kind regards,

Webmaster IDG.nl
Melvyn Sopacua

<@JE> Hosting: $5 per month. Domain name: $15, your site being down twice a
week: Priceless.
http://www.bash.org/?42663

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ