Full Disclosure mailing list archives
Claroline file inclusion vulnerabilities
From: "Siegfried" <admin () zone-h fr>
Date: Mon, 8 May 2006 17:55:46 +0200 (CEST)
Beford posted a tool on milw0rm exploiting some file inclusion vulnerabilities in claroline: http://www.milw0rm.com/exploits/1766 if someone wants the complete list of the vulnerable files, here it is: the "clarolineRepositorySys" parameter in: "claroline/auth/extauth/drivers/ldap.inc.php", "claroline/auth/extauth/drivers/atutor.inc.php", "claroline/auth/extauth/drivers/db-generic.inc.php", "claroline/auth/extauth/drivers/docebo.inc.php", "claroline/auth/extauth/drivers/dokeos.1.6.inc.php", "claroline/auth/extauth/drivers/dokeos.inc.php", "claroline/auth/extauth/drivers/ganesha.inc.php", "claroline/auth/extauth/drivers/mambo.inc.php", "claroline/auth/extauth/drivers/moodle.inc.php", "claroline/auth/extauth/drivers/phpnuke.inc.php", "claroline/auth/extauth/drivers/postnuke.inc.php", "claroline/auth/extauth/drivers/spip.inc.php" the "includePath" parameter in: "claroline/auth/extauth/drivers/mambo.inc.php" "claroline/auth/extauth/drivers/postnuke.inc.php" and the "claro_CasLibPath" parameter in: "claroline/auth/extauth/casProcess.inc.php" after looking at the code, i also found: claroline/inc/lib/event/init_event_manager.inc.php [..] require_once($includePath . '/lib/event/class.event.php'); require_once($includePath . '/lib/event/notifier.php'); [..] and: /claroline/inc/lib/export_exe_tracking.class.php [..] include_once($rootSys.$clarolineRepositoryAppend.'exercice/question.class.php'); include_once($rootSys.$clarolineRepositoryAppend.'exercice/answer.class.php'); include_once( dirname(__FILE__) . '/csv.class.php'); [..] i mailed the claroline staff, i don't wait for a patch because anyway the ones Beford found are unpatched and public. Claroline supports register_globals off, it is the solution. Kevin Fernandez -- Zone-H Admin admin () zone-h fr www.zone-h.org www.zone-h.fr _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Claroline file inclusion vulnerabilities Siegfried (May 08)