TeamSpeak Vulnerability [Module usage questions] - XOOPS Web Application System

XOOPS

Forum

Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk

1

TeamSpeak Vulnerability

2007/4/17 10:50
eric235u
Not too shy to talk
Posts: 149
Since: 2004/12/19

hi all. i just happened to visit securityfocus this morning and saw this. i don't know anything else about it but thought it best to mention it in the forum. hope it's useful.

XOOPS TeamSpeak Display Module TSDisplay4xoops_block2.PHP Remote File Include Vulnerability
Bugtraq ID: 23518
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Apr 16 2007 12:00AM
Updated: Apr 17 2007 03:31AM
Credit: GolD_M is credited with the discovery of this vulnerability.
Vulnerable: tsdisplay4xoops tsdisplay4xoops 0.1
tsdisplay4xoops tsdisplay4xoops 0.08

from:
http://www.securityfocus.com/bid/23518/info

http://www.newmag.org/

2

Re: TeamSpeak Vulnerability

2007/4/17 10:57
davidl2
XOOPS is my life!
Posts: 4843
Since: 2003/5/26

Is the version mentioned different to eh one by talunceford?

I notice the homesite they list for this module is: this

3

Re: TeamSpeak Vulnerability

2007/4/17 11:03
davidl2
XOOPS is my life!
Posts: 4843
Since: 2003/5/26

If a French speaker can advise the author - his site is here:

http://kisskool30.free.fr/

Thanks

4

Re: TeamSpeak Vulnerability

2007/4/20 12:31
kisskool
Just popping in
Posts: 3
Since: 2005/2/1 7

Hi,

I'm the french author for this XOOPS portage of Teamspeak Display from mrguide (sorry for my english ^^').

I read you're message and sorry for the inconvenience of security, i'm not a guru in php

.

What can i do to fix this problem ?

Thanks for you're information.

For information, i doesn't work any more in this module, but i hope to have time to finish this module little later.

5

Re: TeamSpeak Vulnerability

2007/4/20 21:53
kisskool
Just popping in
Posts: 3
Since: 2005/2/1 7

Hi,

I delete the archive in my site 0.08, i delete the block we have the security problem, because is not use by the module.

I work to prupose a version without security problem soon. (I did'nt know this module it be used by somebody).

I don't understand how this module his reported to have a security problem, because i doesn't publish any version to product site, finally is better, i can take a moment to work on this, and learn "how to create a module without security problem" ^^.

If you have a security tutorial for newbie (like me) for xoops, i'll be very happy.

Thanks again.

6

Re: TeamSpeak Vulnerability

2007/4/20 22:41
Dave_L
XOOPS is my life!
Posts: 2277
Since: 2003/11/7

This isn't XOOPS-specific, but I recently came across this site: Open Web Application Security Project (OWASP).

and found an old post here that references it:https://xoops.org/modules/newbb/viewtopic.php?topic_id=16690

7

Re: TeamSpeak Vulnerability

2007/4/21 7:39
kisskool
Just popping in
Posts: 3
Since: 2005/2/1 7

I take the document, and website.

Thanks for info.

Login

Username

Password

Remember me

Register now! | Lost Password?

Search

Advanced Search

Recent Posts

Re: Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

3/16 2:02 Mamba
Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

3/14 20:34 hnn_gerd
Re: NewBB v 5.1.0 b 6

3/7 12:07 Mamba
Re: NewBB v 5.1.0 b 6

2/23 2:57 Mamba
NewBB v 5.1.0 b 6

2/17 18:57 spierrard
Re: XOOPS 2.5.11 search user is not working

2/14 13:11 Mamba
Re: oledrion

2/14 11:29 Mamba
Re: oledrion

2/13 15:22 oswaldo
Re: oledrion

2/12 19:20 Mamba
Re: oledrion

2/12 16:02 oswaldo

Who's Online

247 user(s) are online (159 user(s) are browsing Support Forums)

Members: 0

Guests: 247

Donat-O-Meter

Stats
Goal:	$100.00
Due Date:	May 31
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}

{{ record.commit.author.name }} {{ record.commit.author.date | formatDate }}