Full Disclosure mailing list archives
Re: Claroline <= 1.7.4 (scormExport.inc.php) Remote Code Execution Exploit by rgod
From: "Siegfried" <admin () zone-h fr>
Date: Fri, 31 Mar 2006 20:33:13 +0200 (CEST)
My bad, i didn't check well, the xss isn't in an error message for this one. I had one example, when an invalid function is called (if its name is based on user supplied data, yes some people code like this.. i saw one example in a famous portal), there was an xss in the error message, however i checked now and this was fixed in php 5.1.2 with other ones, maybe there are still some though. i know nobody cares about xss when they're not permanent, but if it's in php itself.. Le Ven 31 mars 2006 11:57, Siegfried a écrit :
I just wanted to comment rgod's Claroline <= 1.7.4 (scormExport.inc.php) Remote Code Execution Exploit: http://www.milw0rm.com/exploits/1627 http://retrogod.altervista.org/claroline_174_incl_xpl.html http://secunia.com/advisories/19461/ The file inclusion vulnerability just affects the 1.7 branch, however when installing claroline it says to turn register_globals on and older versions were _just_ working with register_globals set to on (if i remember well), so huh.. many are probably vuln. About the xss, it is an xss in the php error message, there are many php functions returning errors without filtering them, anybody noted that?
-- Zone-H Admin admin () zone-h fr www.zone-h.org www.zone-h.fr _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Claroline <= 1.7.4 (scormExport.inc.php) Remote Code Execution Exploit by rgod Siegfried (Mar 31)