WebApp Sec mailing list archives
Re: Xoop
From: "Vlad" <recompiler () hacksrus com>
Date: Thu, 31 Aug 2006 13:19:13 -0400 (EDT)
Hello, Yes I have already went after OS specific stuff etc. I was hoping someone knew a way to pull up personal info for registered users on the site or anything that would severely violate privacy policy etc. As for OSVBD, I completely forgot, thank you I already had everything I need but this is icing on the cake :-) http://osvdb.org/displayvuln.php?osvdb_id=20853 Now for some quality report writing time... Vlad G. Josh Zlatin-Amishav wrote: On Wed, 30 Aug 2006, Vlad wrote: Hello, I am pen testing a site and I found that it is running Apache/2.0.52 (Unix) mod_ssl/2.0.52 OpenSSL/0.9.7g PHP/5.0.4 mod_jk2/2.0.2 and Xoop(don't know what version yet) among other things. The core of the functionality I am testing is related to Xoop. I searched for bugs and all the other basic stuff. I noticed something interesting: https://www.AAAAAAAAAA.com/main/modules/mymenu/index.php?file=index.php so I tried https://www.AAAAAAAAAA.com/main/modules/mymenu/index.php?file=../../ And I get a 404 file not found instead of 403! With the exception of a few default apache DIRs listing is disabled but all I need is to navigate to a useful/interesting file. Anyone have any tips about Xoop? Hi Vlad, This is not Xoop specific, but do you have any indication if PHP's open_basedir is enabled? In other words, have you tried requesting OS related files? Another approach might be to try a remote file inclusion, (as long as allow_url_fopen has not been disabled) this way you could create a local shell. Of course if your looking for Xoops specific issues there are always these: http://osvdb.org/searchdb.php?action=search_title&vuln_title=xoops&Search=Search -- - Josh -- Vlad G. The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. !DSPAM:25,44f6951e214201459317085!