View previous topic :: View next topic |
Author |
Message |
munozferna
Joined: 04 Feb 2007 Posts: 8
|
Posted: Tue Jul 31, 2007 12:20 am Post subject: Local File Include Vulnerability (code execution) [FIXED] |
|
|
I got across this issue a couple days ago while inspecting language translations, Claroline doesn't validate the user supplied parameter for language, so by ussing something like ./../../../../../../../../../../../etc/passwd%00 it will allow to include files, this can be abussed to read system configuration files, and execute code if users are allowed to upload txt or image files with php code, or injecting PHP code in httpd logs and including them. This bug seems to affect several instalations regardless magic_quotes_gpc settings since claroline uses an internal funcion for disabling it.
url removed I removed the url for more confidentiality (Mathieu Laurent)
Although is kinda obvious, the vulnerable code is on this file:
http://cvs.claroline.net/cgi-bin/viewcvs.cgi/claroline/claroline/inc/lib/language.lib.php?view=markup
- Fernando Muņoz |
|
Back to top |
|
|
marlon
Joined: 08 Mar 2005 Posts: 18
|
Posted: Tue Jul 31, 2007 1:58 am Post subject: |
|
|
itīs a problem.... |
|
Back to top |
|
|
zefredz Contributeurs Actif Forum
Joined: 02 Sep 2004 Posts: 357 Location: Belgium, LLN
|
Posted: Tue Jul 31, 2007 7:14 am Post subject: |
|
|
Hello Fernando,
Thanks a lot for reporting this important issue.
I have reported it on our bug tracker http://jupiter.cerdecam.be/bug/view.php?id=943 and we will correct it in the next few hours and provide a patch.
Regards, _________________ ZeFredz - Frederic Minne - Claroline Team
|
|
Back to top |
|
|
zefredz Contributeurs Actif Forum
Joined: 02 Sep 2004 Posts: 357 Location: Belgium, LLN
|
|
Back to top |
|
|
munozferna
Joined: 04 Feb 2007 Posts: 8
|
|
Back to top |
|
|
zefredz Contributeurs Actif Forum
Joined: 02 Sep 2004 Posts: 357 Location: Belgium, LLN
|
Posted: Wed Aug 01, 2007 7:16 am Post subject: |
|
|
Hello Fernando,
Yes, the credits file is completely outdated. Even the core teams at Cerdecam and IPM are no longer correct.
We will update the file as soon as possible and add your name to the security section.
Regards, _________________ ZeFredz - Frederic Minne - Claroline Team
|
|
Back to top |
|
|
|