oss-sec mailing list archives
Re: CVE request: Joomla unspecified information disclosure vulnerability
From: YGN Ethical Hacker Group <lists () yehg net>
Date: Fri, 1 Jul 2011 14:52:49 +0800
In 1.5.22, the following files trigger Path Disclosure issue: 1. /templates/system/error.php because in 1.5.23, the following validation check was added: if (!isset($this->error)) { $this->error = JError::raiseWarning( 403, JText::_('ALERTNOTAUTH') ); $this->debug = false; } There must be some cases where $this->error might be undefined, triggering path disclosure. 2. /administrator/components/com_media/views/media/view.html.php There is another path disclosure in $base variable in com_media of administrator backend. ///////////////////////////////// if(DS == '\\') { $base = str_replace(DS,"\\\\",COM_MEDIA_BASE); } else { $base = COM_MEDIA_BASE; } $js = " var basepath = '".$base."'; var viewstyle = '".$style."'; " ; //////////////////////////////// COM_MEDIA_BASE is set to a part of JPATH_ROOT which is dirname(), causing to reveal full path. On Mon, Jun 27, 2011 at 10:58 PM, Henri Salo <henri () nerv fi> wrote:
On Mon, Jun 27, 2011 at 03:53:27PM +0800, YGN Ethical Hacker Group wrote:Path Disclosure should better be regarded as more closely related to server-side issue. It may be too redundant or unnecessary to create one path disclosure issue per CVE. Another Path Disclosure issue in Joomla! 1.6.1 http://bl0g.yehg.net/2011/04/joomla-161-and-lower-information.html Almost all php CMS applications have this issue going on where some of them are listed at: http://code.google.com/p/inspathx/source/browse/#svn%2Ftrunk%2Fpaths_vulnI think this deserves own CVE-identifier as Joomla did announce security vulnerability. As far as I know the vulnerability was described as "Information Disclosure" not patch disclosure. Path disclosures should be fixed from software also, but usually it is a problem in web-server configuration. Do you have more information about issue CVE-2011-2488? Still no reply from Joomla security team regarding issue CVE-2011-2488. I asked more details nearly a week ago. Btw. I would use domain example.org in advisories if I were you. You might not always want to keep that attacker.in domain. Best regards, Henri Salo
Current thread:
- CVE request: Joomla unspecified information disclosure vulnerability Henri Salo (Jun 20)
- Re: CVE request: Joomla unspecified information disclosure vulnerability Josh Bressers (Jun 23)
- Re: CVE request: Joomla unspecified information disclosure vulnerability YGN Ethical Hacker Group (Jun 27)
- Re: CVE request: Joomla unspecified information disclosure vulnerability Henri Salo (Jun 27)
- Re: CVE request: Joomla unspecified information disclosure vulnerability YGN Ethical Hacker Group (Jun 30)
- Re: CVE request: Joomla unspecified information disclosure vulnerability YGN Ethical Hacker Group (Jun 27)
- Re: CVE request: Joomla unspecified information disclosure vulnerability Josh Bressers (Jun 23)