| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue Apr 11 02:49:07 2006 From: aolavarria at secure.cl (Alvaro Olavarria) Subject: Dokeos 1.6.4 SQL Injection Vulnerability Dokeos 1.6.4 SQL Injection Vulnerability Author: Alvaro Olavarria <aolavarria@...ure.cl> Affected: Dokeos <= 1.6.4 Status: Notified hereby Vendor url: http://www.dokeos.com Background. Dokeos is an Open Source elearning and course management web application translated in 34 languages and helping more than 1.000 organisations worldwide to manage learning and collaboration activities. Vulnerability. Dokeos was built using Claroline's code; it inherited several of its features including an old version of phpBB which is being used as the forum for the courses. There is a problem in the ?viewtopic.php", where the $topic variable is not correctly sanitized and $forumview is equal to ?threaded", that would allow an attacker to inject arbitrary code to the application. Impact An attacker could use Blind SQL Injection to gain access to privileged data like the password hashes for the administrator user and so on. Proof of Concept http://localhost/claroline/phpbb/viewtopic.php?cidReq=102&gidReq=&forum=1&0&forumview=threaded&topic=1[blind_sql_inject] Greetings Rodrigo Guitierrez <rodrigo@...ure.cl> University of Los Lagos in Chile "for lending the required equipment for testing" >:D
Powered by blists - more mailing lists