Ravens PHP Scripts

Xoops Tiny Content Module *spaw_root* File Inclusion
Date: Wednesday, June 13, 2007 @ 19:57:29 CEST
Topic: Security


SECUNIA ADVISORY ID: SA25652

VERIFY ADVISORY: http://secunia.com/advisories/25652/

CRITICAL: Highly critical

IMPACT: Exposure of system information, Exposure of sensitive information, System access

WHERE: >From remote

SOFTWARE: Tiny Content 1.x (module for Xoops) - http://secunia.com/product/14527/

DESCRIPTION: Sp[L]o1T has discovered a vulnerability in the Tiny Content module for Xoops, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.



Input passed to the "spaw_root" parameter in admin/spaw/spaw_control.class.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources. Successful exploitation requires that "register_globals" is enabled. The vulnerability is confirmed in version 1.5. Other versions may also be affected. The vulnerability is related to: SA20558 SA22383 SA25522.

SOLUTION: Edit the source code to ensure that input is properly verified OR Disable SPAW and remove the admin/spaw/ directory.

PROVIDED AND/OR DISCOVERED BY: Sp[L]o1T

ORIGINAL ADVISORY:
Xoops: http://www.xoops.org/modules/news/article.php?storyid=3799
Sp[L]o1T: http://milw0rm.com/exploits/4063

OTHER REFERENCES:
SA20558: http://secunia.com/advisories/20558/
SA22383: http://secunia.com/advisories/22383/
SA25522: http://secunia.com/advisories/25522/






This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2961