[UNIX] Path Disclosure Vulnerability in XOOPS
From: support@securiteam.com
Date: 03/23/03
- Previous message: support@securiteam.com: "[UNIX] XSS Bugs in osCommerce"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: 23 Mar 2003 16:21:55 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
In the US?
Contact Beyond Security at our new California office
housewarming rates on automated network vulnerability
scanning. We also welcome ISPs and other resellers!
Please contact us at: 323-882-8286 or ussales@beyondsecurity.com
- - - - - - - - -
Path Disclosure Vulnerability in XOOPS
------------------------------------------------------------------------
SUMMARY
<http://www.xoops.org/> XOOPS is "a dynamic OO (Object Oriented) based
open source portal script written in PHP. XOOPS is the ideal tool for
developing small to large dynamic community websites, intra company
portals, corporate portals, weblogs and much more". A vulnerability has
been found in XOOPS that allow attackers to determine the physical path of
the application.
DETAILS
Vulnerable systems:
* XOOPS version 2.0
This vulnerability would allow a remote user to determine the full path to
the web root directory and other potentially sensitive information. This
vulnerability can be triggered by a remote user submitting a specially
crafted HTTP request including invalid input to the "$xoopsOption"
variable.
Exploit:
http://[target]/index.php?xoopsOption=any_word
Affected files:
* admin.php
* edituser.php
* footer.php
* header.php
* image.php
* lostpass.php
* pmlite.php
* readpmsg.php
* register.php
* search.php
* user.php
* userinfo.php
* viewpmsg.php
* class/xoopsblock.php
* modules/contact/index.php
* modules/mydownloads/index.php
* modules/mydownloads/brokenfile.php
* modules/mydownloads/modfile.php
* modules/mydownloads/ratefile.php
* modules/mydownloads/singlefile.php
* modules/mydownloads/submit.php
* modules/mydownloads/topten.php
* modules/mydownloads/viewcat.php
* modules/mylinks/brokenlink.php
* modules/mylinks/index.php
* modules/mylinks/modlink.php
* modules/mylinks/ratelink.php
* modules/mylinks/singlelink.php
* modules/mylinks/submit.php
* modules/mylinks/topten.php
* modules/mylinks/viewcat.php
* modules/newbb/index.php
* modules/newbb/search.php
* modules/newbb/viewforum.php
* modules/newbb/viewtopic.php
* modules/news/archive.php
* modules/news/article.php
* modules/news/index.php
* modules/sections/index.php
* modules/system/admin.php
* modules/xoopsfaq/index.php
* modules/xoopsheadlines/index.php
* modules/xoopsmembers/index.php
* modules/xoopspartners/index.php
* modules/xoopspartners/join.php
* modules/xoopspoll/index.php
* modules/xoopspoll/pollresults.php
Vendor status:
The vendor has been notified.
ADDITIONAL INFORMATION
The information has been provided by
<mailto:gregory.lebras@security-corporation.com> Gregory Le Bras |
Security Corporation.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[UNIX] XSS Bugs in osCommerce"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
