| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: Bug at thelostsite.co.uk (Manip) Subject: Centre 1.0 PHP injection, bypass authentication + possible SQL injection. Summary: The Miller Group, Inc. [www.miller-group.net] announces the release of Centre, a free student information system for public and non-public schools. Centre is a web-based, open source, student management product with features that include scheduling, grade book, attendance, eligibility, transcripts, and more. And, of course, student and employee information screens are critical components of Centre. Version: 1.0 Exploit: Centre does not check that a user is logged in and has sufficient permissions to perform admin tasks. An example of this can be seen when attempting to create a new account: http://demo.miller-group.net/index.php?modfunc=create_account&staff&username=admin&staff_id=new However this problem exists at almost every level within the software. There are also poor checks carried out when passing user data which could lead to SQL injection problems. There is a more serious problem within modules.php, there is *no checking on the path of the module and could lead to PHP injection. Modules.php?modname=../../../MyCode/Stuff.php Fix: Disable centre until an update is released (the problems are too extensive).
Powered by blists - more mailing lists