Bugtraq mailing list archives
Re: [SCSA-011] Path Disclosure Vulnerability in XOOPS
From: "Grégory" Le Bras <gregory.lebras () security-corporation com>
Date: 28 Mar 2003 11:13:57 -0000
In-Reply-To: <20030320195855.20555.qmail () www securityfocus com> You can fix the path disclosure problem by adding this code in all the affected files : ---snip--- error_reporting(0); ---snip--- Greetz : Magistrat (http://www.blocus-zone.com)
From: "Grégory" Le Bras <gregory.lebras () security-corporation com> To: bugtraq () securityfocus com Subject: [SCSA-011] Path Disclosure Vulnerability in XOOPS ________________________________________________________________________ Security Corporation Security Advisory [SCSA-011] ________________________________________________________________________ PROGRAM: XOOPS HOMEPAGE: http://www.xoops.org/ VULNERABLE VERSIONS: v2.0 (and prior ?) ________________________________________________________________________ DESCRIPTION ________________________________________________________________________ XOOPS is "a dynamic OO (Object Oriented) based open source portal script written in PHP. XOOPS is the ideal tool for developing small to large dynamic community websites,intra company portals, corporate portals, weblogs and much more." (direct quote from XOOPS website) DETAILS & EXPLOITS ________________________________________________________________________ ¤ Details Path Disclosure : A vulnerability have been found in XOOPS which allow attackers to
determine
the physical path of the application. This vulnerability would allow a remote user to determine the full path to the web root directory and other potentially sensitive information. This vulnerability can be triggered by a remote user submitting a specially crafted HTTP request including invalid input to the "$xoopsOption" variable. ¤ Exploits Path Disclosure : http://[target]/index.php?xoopsOption=any_word Affected files: admin.php edituser.php footer.php header.php image.php lostpass.php pmlite.php readpmsg.php register.php search.php user.php userinfo.php viewpmsg.php class/xoopsblock.php modules/contact/index.php modules/mydownloads/index.php modules/mydownloads/brokenfile.php modules/mydownloads/modfile.php modules/mydownloads/ratefile.php modules/mydownloads/singlefile.php modules/mydownloads/submit.php modules/mydownloads/topten.php modules/mydownloads/viewcat.php modules/mylinks/brokenlink.php modules/mylinks/index.php modules/mylinks/modlink.php modules/mylinks/ratelink.php modules/mylinks/singlelink.php modules/mylinks/submit.php modules/mylinks/topten.php modules/mylinks/viewcat.php modules/newbb/index.php modules/newbb/search.php modules/newbb/viewforum.php modules/newbb/viewtopic.php modules/news/archive.php modules/news/article.php modules/news/index.php modules/sections/index.php modules/system/admin.php modules/xoopsfaq/index.php modules/xoopsheadlines/index.php modules/xoopsmembers/index.php modules/xoopspartners/index.php modules/xoopspartners/join.php modules/xoopspoll/index.php modules/xoopspoll/pollresults.php SOLUTIONS ________________________________________________________________________ No solution for the moment. VENDOR STATUS ________________________________________________________________________ The vendor has reportedly been notified. LINKS ________________________________________________________________________ Version Française : http://www.security-corporation.com/index.php?id=advisories&a=011-FR ------------------------------------------------------------------------ Grégory Le Bras aka GaLiaRePt | http://www.Security-Corporation.com ------------------------------------------------------------------------
Current thread:
- [SCSA-011] Path Disclosure Vulnerability in XOOPS Grégory (Mar 20)
- <Possible follow-ups>
- Re: [SCSA-011] Path Disclosure Vulnerability in XOOPS Grégory (Mar 28)