Claroline Support

Skip to content

 Back to Claroline Website

index.php XSS [FIXED]

Tell us what's wrong.
Post a reply

index.php XSS [FIXED]

Postby munozferna on Sun Mar 11, 2007 8:10 am

$_SERVER['PHP_SELF'] / $PHP_SELF Injection


Code: Select all
http://campus.claroline.com/index.php/%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.claroline.net/demo/claroline170/index.php/%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E


You can get more info:
http://blog.phpdoc.info/archives/13-XSS-Woes.html
http://php.net/reserved.variables
http://forum.hardened-php.net/viewtopic.php?id=20

There are several other files vulnerable to this issue.
[fms@core claroline183]$ grep PHP_SELF *.php | wc -l
2
[fms@core claroline183]$ grep PHP_SELF */*.php | wc -l
0
[fms@core claroline183]$ grep PHP_SELF */*/*.php | wc -l
462
[fms@core claroline183]$ grep PHP_SELF */*/*/*.php | wc -l
134
[fms@core claroline183]$ grep PHP_SELF */*/*/*/*.php | wc -l
5
[fms@core claroline183]$ grep PHP_SELF */*/*/*/*/*.php | wc -l
15
[fms@core claroline183]$ grep PHP_SELF */*/*/*/*/*/*.php | wc -l
0
munozferna
 
Posts: 13
Joined: Sun Feb 04, 2007 2:44 am
Top

Postby mathieu on Mon Mar 12, 2007 10:06 am

Thanks.

Solved in 1.9, we 'll release a new version of 1.8 fixing this XSS.

http://cvs.claroline.net/cgi-bin/viewcv ... 8&r2=1.269
http://cvs.claroline.net/cgi-bin/viewcv ... 93&r2=1.94

Regards

Mathieu
Mathieu Laurent
mathieu
Contributeurs Actif Forum
 
Posts: 4534
Joined: Fri Apr 09, 2004 4:01 pm
Location: Belgium, Bruxelles, Soignies
Top

Postby zefredz on Fri Jul 06, 2007 11:17 am

Solved in Claroline 1.8.4+
Frederic Minne (ZeFredz) - Claroline Team
Claroline.net
User avatar
zefredz
Contributeurs Actif Forum
 
Posts: 976
Joined: Thu Sep 02, 2004 1:41 pm
Location: Belgium, LLN
Top
Post a reply

Return to Bugs Claroline 1.8.11

Who is online

Users browsing this forum: No registered users and 0 guests

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
cron