Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[SCAN Associates Security Advisory] xoops 2.0.9.2 and below weak file e

from [pokley] Network Security [Permanent Link]
Subject: [SCAN Associates Security Advisory] xoops 2.0.9.2 and below weak file extension validation
Date: Tue, 08 Mar 2005 10:25:42 +0800 
Summary: xoops 2.0.9.2 and below weak file extension validation

Description
===========
XOOPS is an extensible, OO (Object Oriented), easy to use dynamic web content management system written in PHP. XOOPS is the ideal tool for developing small to large dynamic community websites, intra company portals, corporate portals, weblogs and much more.

Details
=======
User may upload valid image file with insecure extension through avatar upload if "Allow custom avatar upload" is set to "Yes" in "User Info Settings". This setting is not on in default installation. This is cause of weak file extension validation XoopsMediaUploader class in file uploader.php.

if ( preg_match( '/\.(php|cgi|pl|py|asp)$/i', $this->mediaName ) ) {
$this->setErrors('Filename rejected');
return false;
}

In some web server installation other extension like .phtml,*.php3 is threat as php script.

Workaround
==========
Set "Allow custom avatar upload" to "No" in "User Info Settings".

Proof of concept
================
Rename image to "image.php3" and upload as avatar using "Internet Explorer".

Vendor Response
===============
27th February 2005 - Vendor contacted but no response.

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [SCAN Associates Security Advisory] xoops 2.0.9.2 and below weak file extension validation, pokley <=
Previous by Date:  Re: [Full-Disclosure] Bypass of 22 Antivirus software with GDI+ bug exploit Mutations - part 2, Andrey Bayora
Next by Date:  iDownload/iSearch responds to Spyware Critics, Paul Laudanski
Previous by Thread:  iDEFENSE Labs Releases IDA RPC Enumerator, iDEFENSE Labs
Next by Thread:  iDownload/iSearch responds to Spyware Critics, Paul Laudanski
Indexes:  [Date] [Thread] [Top] [All Lists]