[VIM] Bogus - [Xoops Module Virii Info <= 1.10 (index.php) Remote File Include Exploit]
str0ke at milw0rm.com
Tue Apr 3 19:41:39 UTC 2007
Correcto. Removing the vulnerability.
On 4/3/07, George A. Theall <theall at tenablesecurity.com> wrote:
> Looks like milw0rm 3642 from ajann is bogus, or at least dependent on
> the version of Xoops -- I tested under Xoops 2.0.12, which is from June
> 2005, I believe.
> I grabbed a copy of the module from
> modules/virii/index.php has this as its first couple of executable
> include ("header.php");
> and modules/virii/header.php has:
> which includes Xoops' mainfile.php. That in turn generally includes
> include/common.php and class/xoopssecurity.php and then calls
> checkSuperglobals() from the latter. checkSuperglobals() makes sure
> someone isn't trying to muck with various important variables, including
> xoopsConfig; if so, it causes the script to die.
> Now you can bypass the initial check in class/xoopssecurity.php by
> setting xoopsOption[nocommon] if register_globals is enabled, but then
> script execution proceeds to Xoops' main header.php and eventually to
> class/template.php, at which point it stops because SMARTY_DIR is not
> defined (it normally would be in include/common.php).
> Apologies if this seems long-winded.
> theall at tenablesecurity.com
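For readers unfamiliar with the guard George describes, here is an added example (not Xoops' own code) of the same idea: refusing a request whose parameters would, under register_globals, overwrite variables such as xoopsConfig before any include runs. The function name, protected-name list and sample request are constructed for illustration.

```php
<?php
// Added example, not Xoops' code. Under register_globals every request
// parameter becomes a PHP variable, so a later
//   include($xoopsConfig['xoops_url'] . '/header.php');
// could be steered to a remote file. A guard that runs before any such
// include, as checkSuperglobals() does in Xoops, rejects such requests.
// Names below are hypothetical.

function requestTouchesProtectedNames(array $request, array $protected): array
{
    // Return every "SOURCE:name" pair where a request array carries a
    // parameter whose name matches a protected variable.
    $hits = [];
    foreach ($request as $source => $params) {
        foreach (array_keys($params) as $name) {
            if (in_array($name, $protected, true)) {
                $hits[] = "$source:$name";
            }
        }
    }
    return $hits;
}

// Variables that must never come from the client.
$protected = ['GLOBALS', '_SERVER', 'xoopsConfig', 'xoopsOption', 'xoopsDB'];

// Constructed sample request: a GET parameter trying to plant xoopsConfig.
$request = [
    'GET'    => ['xoopsConfig' => ['xoops_url' => 'http://example.invalid/']],
    'POST'   => [],
    'COOKIE' => ['PHPSESSID' => 'abc123'],
];

$hits = requestTouchesProtectedNames($request, $protected);
if ($hits !== []) {
    // Stop here; the include in header.php is never reached.
    die('Security check: rejected request parameters ' . implode(', ', $hits));
}
// Only a clean request proceeds to include('header.php').
```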