1
mouacy
has this security been resolved?
  • 2007/5/4 4:33

  • mouacy

  • Not too shy to talk

  • Posts: 138

  • Since: 2002/11/2


I found this through google and it bothers me.

http://securityvulns.com/Pdocument969.html

From: Omid
Date: 05.02.2007
Subject: Sql injection bugs in XOOPS 2.0.16 + Weblinks module

Hi,

These bugs were published in full-disclosure about 2 weeks ago (CVE-2007-0377).

There is a sql injection bug in XOOPS 2.0.16 core (and maybe other versions) in
admin section:

The 'id' parameter in "get()" function is not checked against sql injections :

File kernel/group.php, Line 94 :
:: function &get($id)
:: {
:: $group = false;
:: if (intval($id) > 0) {
** $sql = 'SELECT * FROM '.$this->db->prefix('groups').' WHERE groupid='.$id;

This one doesnt seem to be critical .


In "Weblinks" module :

The 'lid' parameter in "deleteByLid()" function is not
checked against sql injections :

File class/table_broken.php, Line 58 :
:: function deleteByLid($lid)
:: {
** $sql = "DELETE FROM $this->table WHERE lid=$lid";
:: return $this->query_false($sql);
:: }

Also 3 other sql injections exist which can be exploitable and are not
discribed here . The new version is not released yet .

The original advisory (in Persian) is located at :
http://www.hackers.ir/advisories/festival.txt


- Omid

2
davidl2
Re: has this security been resolved?
  • 2007/5/4 8:21

  • davidl2

  • XOOPS is my life!

  • Posts: 4843

  • Since: 2003/5/26


I believe that the latest release of the weblinks module will deal with this problem.

3
Herko
Re: has this security been resolved?
  • 2007/5/4 9:24

  • Herko

  • XOOPS is my life!

  • Posts: 4238

  • Since: 2002/2/4 1


and the group.php sql injection bug isn't serious because the system is only vulnerable when logged in as administrator of a website. And administrators already have the rights to change everything anyway. You can't secure against misuse of properly given access and administration rights. ANyway, with access to the groups administration section, you can give anyone any rights anyway. The hole is there, but it doesn't leak unless leaking is part of the goal.

Herko

Login

Who's Online

577 user(s) are online (475 user(s) are browsing Support Forums)


Members: 0


Guests: 577


more...

Donat-O-Meter

Stats
Goal: $15.00
Due Date: Oct 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $15.00
Make donations with PayPal!

Latest GitHub Commits