@XoopsProject Security Vulnerability in imagemanager.php [2.5.x Support]

XOOPS

Forum

Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk

@XoopsProject Security Vulnerability in imagemanager.php

2011/5/16 16:48
wishcraft
Module Developer
Posts: 3711
Since: 2007/5/18

Luckly this is only appliable if the person has admin access however there is a security vulnerability with XOOPS 2.5.0a where the target variable can be injected to change routes around in the file target and place files around the place like PHP files or scripts.

it's not the fact you can simply do imagemanager.php?target=/../../../../../../

but the use of $_REQUEST['target'] is totally insecure. $_REQUEST[] can be overidden with a specially crafted cookie and it overwrites any $_GET or $_POST.

Report:http://www.allinfosec.com/2011/04/23/webapps-0day-xoops-2-5-0-imagemanager-php-lfi-vulnerability-7/

www.ohloh.net/accounts/226400

Follow, Like & Read:-

twitter.com/RegaltyFamily
github.com/Chronolabs-Cooperative
facebook.com/DrAntonyRoberts

Login

Username

Password

Remember me

Search

Advanced Search

Donat-O-Meter

Stats
Goal:	$100.00
Due Date:	May 31
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}

{{ record.commit.author.name }} {{ record.commit.author.date | formatDate }}

@XoopsProject Security Vulnerability in imagemanager.php

Login

Search

Recent Posts

Re: Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Re: NewBB v 5.1.0 b 6

Re: NewBB v 5.1.0 b 6

NewBB v 5.1.0 b 6

Re: XOOPS 2.5.11 search user is not working

Re: oledrion

Re: oledrion

Re: oledrion

Re: oledrion

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}