lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri Mar 31 19:33:12 2006 From: admin at zone-h.fr (Siegfried) Subject: Claroline <= 1.7.4 (scormExport.inc.php) Remote Code Execution Exploit by rgod My bad, i didn't check well, the xss isn't in an error message for this one. I had one example, when an invalid function is called (if its name is based on user supplied data, yes some people code like this.. i saw one example in a famous portal), there was an xss in the error message, however i checked now and this was fixed in php 5.1.2 with other ones, maybe there are still some though. i know nobody cares about xss when they're not permanent, but if it's in php itself.. Le Ven 31 mars 2006 11:57, Siegfried a ?crit : > I just wanted to comment rgod's Claroline <= 1.7.4 (scormExport.inc.php) > Remote Code Execution Exploit: > > http://www.milw0rm.com/exploits/1627 > > http://retrogod.altervista.org/claroline_174_incl_xpl.html > > http://secunia.com/advisories/19461/ > > The file inclusion vulnerability just affects the 1.7 branch, however when > installing claroline it says to turn register_globals on and older > versions were _just_ working with register_globals set to on (if i > remember well), so huh.. many are probably vuln. > > About the xss, it is an xss in the php error message, there are many php > functions returning errors without filtering them, anybody noted that? > -- Zone-H Admin admin@...e-h.fr www.zone-h.org www.zone-h.fr
Powered by blists - more mailing lists