Full Disclosure mailing list archives
Re: [SCSA-016] Multiple vulnerabilities in Ez publish
From: "Gregory Le Bras | Security Corporation" <gregory.lebras () security-corporation com>
Date: Tue, 15 Apr 2003 15:07:25 +0200
Here a log of errors : Exploit : http://localhost/kernel/class/delete.php Errors : Warning: main(kernel/classes/ezcontentclass.php) [function.main]: failed to create stream: No such file or directory in c:\program files\ez systems\ezpublish\kernel\class\delete.php on line 36 Warning: main() [function.main]: Failed opening 'kernel/classes/ezcontentclass.php' for inclusion (include_path='.;c:\php4\pear') in c:\program files\ez systems\ezpublish\kernel\class\delete.php on line 36 Warning: main(lib/ezutils/classes/ezhttppersistence.php) [function.main]: failed to create stream: No such file or directory in c:\program files\ez systems\ezpublish\kernel\class\delete.php on line 37 Warning: main() [function.main]: Failed opening 'lib/ezutils/classes/ezhttppersistence.php' for inclusion (include_path='.;c:\php4\pear') in c:\program files\ez systems\ezpublish\kernel\class\delete.php on line 37 Warning: main(kernel/classes/ezcontentclassclassgroup.php) [function.main]: failed to create stream: No such file or directory in c:\program files\ez systems\ezpublish\kernel\class\delete.php on line 38 Warning: main() [function.main]: Failed opening 'kernel/classes/ezcontentclassclassgroup.php' for inclusion (include_path='.;c:\php4\pear') in c:\program files\ez systems\ezpublish\kernel\class\delete.php on line 38 Fatal error: Undefined class name 'ezcontentclass' in c:\program files\ez systems\ezpublish\kernel\class\delete.php on line 49 Note that the php.ini file is not present in the installation by default of Ez Publish, that is why I did not use display_errors = Off Log_errors = One. Best Regards, ------- Gregory LEBRAS Chief Executive Officer Security Corporation www.security-corporation.com ----- Original Message ----- From: "Melvyn Sopacua" <msopacua () idg nl> To: "Gregory Le Bras | Security Corporation" <gregory.lebras () security-corporation com> Cc: "Full Disclosure Mailing List" <full-disclosure () lists netsys com> Sent: Tuesday, April 15, 2003 2:54 PM Subject: Re: [Full-disclosure] [SCSA-016] Multiple vulnerabilities in Ez publish At 13:28 4/15/2003, Gregory Le Bras | Security Corporation wrote: [ ... ]
ยค Path Disclosure : You can fix the path disclosure problem by adding this code in all the affected files : -------CUT------- error_reporting(0); -------CUT-------
Yeah, that'll help - you won't even be able to get a log of errors, like 'unlink() failed', when somebody found a way to delete files. Please use: display_errors = Off log_errors = On in your php.ini (should be so on production servers anyways). Or in the code: ini_set('display_errors', FALSE); ini_set('log_errors', TRUE); If this product (haven't looked at it), uses it's own error handler routine and doesn't respect these settings, this is worth mentioning explicitely and even better, provide a patch for the alternate error handler. It is hardly ever good advice to turn of error logging. Met vriendelijke groeten / With kind regards, Webmaster IDG.nl Melvyn Sopacua <@JE> Hosting: $5 per month. Domain name: $15, your site being down twice a week: Priceless. http://www.bash.org/?42663 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [SCSA-016] Multiple vulnerabilities in Ez publish Gregory Le Bras | Security Corporation (Apr 15)
- Re: [SCSA-016] Multiple vulnerabilities in Ez publish Melvyn Sopacua (Apr 15)
- Re: [SCSA-016] Multiple vulnerabilities in Ez publish Gregory Le Bras | Security Corporation (Apr 15)
- Re: [SCSA-016] Multiple vulnerabilities in Ez publish Melvyn Sopacua (Apr 15)