lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <50544.201.221.203.126.1144720020.squirrel@www.rgsc.cl>
Date: Tue Apr 11 02:49:07 2006
From: aolavarria at secure.cl (Alvaro Olavarria)
Subject: Dokeos 1.6.4 SQL Injection Vulnerability

Dokeos 1.6.4 SQL Injection Vulnerability


Author: Alvaro Olavarria <aolavarria@...ure.cl>

Affected: Dokeos <= 1.6.4
Status: Notified hereby
Vendor url: http://www.dokeos.com


Background.

Dokeos is an Open Source elearning and course management web application
translated in 34 languages
and helping more than 1.000 organisations worldwide to manage learning and
collaboration activities.


Vulnerability.

Dokeos was built using Claroline's code; it inherited several of its
features including an old version
 of phpBB which is being used as the forum for the courses.   There is a
problem  in the ?viewtopic.php",
 where the $topic variable is not correctly sanitized and $forumview is
equal to ?threaded", that would
allow an attacker to inject arbitrary code to the application.


Impact

An attacker could use Blind SQL Injection to gain access to privileged
data like the password hashes
for the administrator user and so on.


Proof of Concept

http://localhost/claroline/phpbb/viewtopic.php?cidReq=102&gidReq=&forum=1&0&forumview=threaded&topic=1[blind_sql_inject]


Greetings

Rodrigo Guitierrez <rodrigo@...ure.cl>
University of Los Lagos in Chile "for lending the required equipment for
testing" >:D



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ