Re: [SCSA-011] Path Disclosure Vulnerability in XOOPS

From: Grégory (gregory.lebras@security-corporation.com)
Date: Fri Mar 28 2003 - 03:13:57 PST

    In-Reply-To: <20030320195855.20555.qmailat_private>
    
    You can fix the path disclosure problem by adding this code to all the
    affected files:
    
    ---snip---
    error_reporting(0); 
    ---snip---
    
    Greetz : Magistrat (http://www.blocus-zone.com)
    
    
    
    
    >From: "Grégory" Le Bras <gregory.lebras@security-corporation.com>
    >To: bugtraqat_private
    >Subject: [SCSA-011] Path Disclosure Vulnerability in XOOPS
    >
    >
    >
    >________________________________________________________________________
    >
    >Security Corporation Security Advisory [SCSA-011]
    >________________________________________________________________________
    >
    >PROGRAM: XOOPS
    >HOMEPAGE: http://www.xoops.org/
    >VULNERABLE VERSIONS: v2.0 (and prior ?)
    >________________________________________________________________________
    >
    >DESCRIPTION
    >________________________________________________________________________
    >
    >XOOPS is "a dynamic OO (Object Oriented) based open source portal script
    >written in PHP. XOOPS is the ideal tool for developing small to large
    >dynamic community websites, intra company portals, corporate portals,
    >weblogs and much more." (direct quote from XOOPS website)
    >
    >
    >DETAILS & EXPLOITS
    >________________________________________________________________________
    >
    >¤ Details Path Disclosure :
    >
    >A vulnerability has been found in XOOPS which allows attackers to determine
    >the physical path of the application.
    >
    >This vulnerability would allow a remote user to determine the full path to
    >the web root directory and other potentially sensitive information.
    >This vulnerability can be triggered by a remote user submitting a
    >specially crafted HTTP request including invalid input to the
    >"$xoopsOption" variable.
    >
    >¤ Exploits Path Disclosure :
    >
    >http://[target]/index.php?xoopsOption=any_word
    >
    >Affected files:
    >admin.php
    >edituser.php
    >footer.php
    >header.php
    >image.php
    >lostpass.php
    >pmlite.php
    >readpmsg.php
    >register.php
    >search.php
    >user.php
    >userinfo.php
    >viewpmsg.php
    >class/xoopsblock.php
    >modules/contact/index.php
    >modules/mydownloads/index.php
    >modules/mydownloads/brokenfile.php
    >modules/mydownloads/modfile.php
    >modules/mydownloads/ratefile.php
    >modules/mydownloads/singlefile.php
    >modules/mydownloads/submit.php
    >modules/mydownloads/topten.php
    >modules/mydownloads/viewcat.php
    >modules/mylinks/brokenlink.php
    >modules/mylinks/index.php
    >modules/mylinks/modlink.php
    >modules/mylinks/ratelink.php
    >modules/mylinks/singlelink.php
    >modules/mylinks/submit.php
    >modules/mylinks/topten.php
    >modules/mylinks/viewcat.php
    >modules/newbb/index.php
    >modules/newbb/search.php
    >modules/newbb/viewforum.php
    >modules/newbb/viewtopic.php
    >modules/news/archive.php
    >modules/news/article.php
    >modules/news/index.php
    >modules/sections/index.php
    >modules/system/admin.php
    >modules/xoopsfaq/index.php
    >modules/xoopsheadlines/index.php
    >modules/xoopsmembers/index.php
    >modules/xoopspartners/index.php
    >modules/xoopspartners/join.php
    >modules/xoopspoll/index.php
    >modules/xoopspoll/pollresults.php
    >
    >SOLUTIONS
    >________________________________________________________________________
    >
    >No solution for the moment.
    >
    >
    >VENDOR STATUS
    >________________________________________________________________________
    >
    >The vendor has reportedly been notified.
    >
    >
    >LINKS
    >________________________________________________________________________
    >
    >Version Française :
    >http://www.security-corporation.com/index.php?id=advisories&a=011-FR
    >
    >
    >------------------------------------------------------------------------
    >Grégory Le Bras aka GaLiaRePt | http://www.Security-Corporation.com
    >------------------------------------------------------------------------
    >
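
A check for whether the affected pages still expose filesystem paths once a fix like the one above is in place, as an added example that is not part of the original posts. It matches PHP's standard error message layout in response bodies; the function names, paths and sample bodies are constructed for illustration.

```python
import re

# PHP's standard error layouts, HTML and plain text:
#   <b>Warning</b>:  message in <b>/path/file.php</b> on line <b>12</b>
#   Warning: message in /path/file.php on line 12
PHP_ERROR = re.compile(
    r"(?:<b>)?(?P<level>Fatal error|Parse error|Warning|Notice)(?:</b>)?:\s+"
    r"(?P<msg>.*?)\s+in\s+(?:<b>)?"
    r"(?P<path>(?:/|[A-Za-z]:[\\/])[^<\r\n]*?)(?:</b>)?"
    r"\s+on\s+line\s+(?:<b>)?(?P<line>\d+)(?:</b>)?"
)

def find_path_leaks(body):
    """Return (level, path, line) for each PHP error message in a response body."""
    return [(m["level"], m["path"], int(m["line"]))
            for m in PHP_ERROR.finditer(body)]

def audit(responses):
    """Map each page that still leaks to the sorted set of paths it exposes."""
    report = {}
    for page, body in responses.items():
        leaks = find_path_leaks(body)
        if leaks:
            report[page] = sorted({path for _, path, _ in leaks})
    return report

# Constructed sample bodies (not captured from a real XOOPS install).
SAMPLES = {
    # HTML-formatted error with a Unix path
    "header.php": "<br />\n<b>Warning</b>:  constructed message in "
                  "<b>/home/example/htdocs/header.php</b> on line <b>42</b><br />",
    # plain-text error with a Windows path
    "search.php": "Notice: constructed message in C:\\www\\search.php on line 7",
    # ordinary page text that mentions "Warning" but leaks nothing
    "user.php": "<html><body>Warning: check your input</body></html>",
}

if __name__ == "__main__":
    for page, paths in audit(SAMPLES).items():
        print(page, "leaks", paths)
```

Feed `audit()` the response bodies saved from each file in the advisory's list; an empty result means none of them returned a PHP error message containing a path.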
    


