Re: Xoop

[Josh Zlatin-Amishav <josh () ramat cc>]

On Wed, 30 Aug 2006, Vlad wrote:

> Hello,
> I am pen testing a site and I found that it is running Apache/2.0.52
> (Unix) mod_ssl/2.0.52 OpenSSL/0.9.7g PHP/5.0.4 mod_jk2/2.0.2  and
> Xoop(don't know what version yet) among other things. The core of the
> functionality I am testing is related to Xoop.
>
> I searched for bugs and all the other basic stuff.
>
> I noticed something interesting:
> https://www.AAAAAAAAAA.com/main/modules/mymenu/index.php?file=index.php
> so I tried
> https://www.AAAAAAAAAA.com/main/modules/mymenu/index.php?file=../../
> And I get a 404 file not found instead of 403!
> With the exception of a few default apache DIRs listing is disabled but
> all I need is to navigate to a useful/interesting file.
>
> Anyone have any tips about Xoop?

Hi Vlad,
This is not Xoop specific, but do you have any indication if PHP's
open_basedir is enabled? In other words, have you tried requesting OS
related files? Another approach might be to try a remote file inclusion,
(as long as allow_url_fopen has not been disabled) this way you could create
a local shell. Of course if your looking for Xoops specific issues there
are always these:
http://osvdb.org/searchdb.php?action=search_title&vuln_title=xoops&Search=Search

--
 - Josh

> --
> Vlad G.
>
> The information transmitted is intended only for the person or entity to
> which it is addressed and may contain confidential and/or privileged
> material.
> Any review, retransmission, dissemination or other use of, or taking of
> any action in reliance upon, this information by persons or entities other
> than the intended recipient is prohibited.
> If you received this in error, please contact the sender and delete the
> material from any computer.