Full Disclosure mailing list archives
Centre 1.0 PHP injection, bypass authentication + possible SQL injection.
From: "Manip" <Bug () thelostsite co uk>
Date: Fri, 2 Jul 2004 01:44:22 +0100
Summary: The Miller Group, Inc. [www.miller-group.net] announces the release of Centre, a free student information system for public and non-public schools. Centre is a web-based, open source, student management product with features that include scheduling, grade book, attendance, eligibility, transcripts, and more. And, of course, student and employee information screens are critical components of Centre.
Version: 1.0

Exploit: Centre does not check that a user is logged in and has sufficient permissions to perform admin tasks. An example of this can be seen when attempting to create a new account:

http://demo.miller-group.net/index.php?modfunc=create_account&staff&username=admin&staff_id=new

However, this problem exists at almost every level within the software. There are also poor checks carried out when passing user data which could lead to SQL injection problems. There is a more serious problem within modules.php: there is *no* checking on the path of the module, which could lead to PHP injection.

Modules.php?modname=../../../MyCode/Stuff.php

Fix: Disable Centre until an update is released (the problems are too extensive).
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
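The missing path check on `modname` described in the post, shown as the validation a module loader would need. This is an added example, not part of the original post and not Centre's code: `resolve_module()`, the directory layout and the sample module name are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added illustration, not Centre's code: resolve_module() and the directory
// layout below are hypothetical.

function resolve_module($modname, string $root): ?string
{
    // Reject non-strings (e.g. modname[]=x) and anything outside a strict
    // allowlist: alphanumeric path segments ending in ".php". A dot is only
    // legal in the extension, so "../" can never match.
    if (!is_string($modname) ||
        !preg_match('#^[A-Za-z0-9_]+(?:/[A-Za-z0-9_]+)*\.php$#D', $modname)) {
        return null;
    }
    // Canonicalise, then confirm the result is still inside the module root
    // (defence in depth against symlinks that point elsewhere).
    $rootReal = realpath($root);
    $target   = realpath($root . '/' . $modname);
    if ($rootReal === false || $target === false) {
        return null;
    }
    $prefix = $rootReal . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0 || !is_file($target)) {
        return null;
    }
    return $target;
}

// Constructed demo: a throwaway module tree with one legitimate module and
// one PHP file that sits outside the module root.
$root = sys_get_temp_dir() . '/centre_demo_' . getmypid() . '/modules';
mkdir($root . '/Students', 0700, true);
file_put_contents($root . '/Students/Search.php', "<?php echo 'ok';\n");
file_put_contents(dirname($root) . '/outside.php', "<?php echo 'outside';\n");

$samples = [
    'Students/Search.php',        // legitimate module: resolves to its path
    '../../../MyCode/Stuff.php',  // value from the advisory: rejected
    '../outside.php',             // file exists, but outside the root: rejected
    ['Students/Search.php'],      // array parameter: rejected
];
foreach ($samples as $s) {
    echo json_encode($s), ' => ', var_export(resolve_module($s, $root), true), "\n";
}
// A front controller would run its login and permission check first, then
// include only a non-null result; on null it should return an error page.
```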