Claroline E-Learning应用多个远程输入验证漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1108715 漏洞类型 SQL注入
发布时间 2005-04-27 更新时间 2007-01-24
CVE编号 CVE-2005-1375 CNNVD-ID CNNVD-200505-891
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/25553
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-891
|漏洞详情
ClarolineE-LearningApplication是一种基于Web网络教学系统。Claroline在处理用户请求时存在多个输入验证漏洞,远程攻击者可能利用这些漏洞非授权操作数据库,在用户浏览器中执行恶意代码,造成信息泄露或数据破坏。Claroline的多个脚本没有充分检查过滤用户的参数数据,远程攻击者可以利用来执行SQL注入、跨站脚本执行等攻击。<**>
|漏洞EXP
source: http://www.securityfocus.com/bid/13407/info
    
Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical application functionality such as database interaction and generating dynamic Web content.
    
Multiple cross-site scripting, SQL injection, directory traversal, and remote file include vulnerabilities have been reported.
    
An attacker may exploit these issues to manipulate SQL queries to the underlying database, have arbitrary script code executed in the browser of an unsuspecting user, and execute arbitrary server-side scripts with the privileges of an affected Web server. This may facilitate the theft of sensitive information, potentially including authentication credentials, data corruption, and a compromise of the affected computer.
    
**Update: Dokeos, which is based on claroline source code, is also prone to come of these issues.

http:///www.example.com/claroline/tracking/exercises_details.php?exo_id=-1/**/UNION/**/SELECT%200,password,username,0,0,0%20from%20user%20where%20user_id=1--
|参考资料

来源:XF
名称:claroline-multiple-sql-injection(20298)
链接:http://xforce.iss.net/xforce/xfdb/20298
来源:BID
名称:13407
链接:http://www.securityfocus.com/bid/13407
来源:www.claroline.net
链接:http://www.claroline.net/news.php#85
来源:SECTRACK
名称:1013822
链接:http://securitytracker.com/id?1013822
来源:SECUNIA
名称:15161
链接:http://secunia.com/advisories/15161
来源:SECUNIA
名称:15725
链接:http://secunia.com/advisories/15725
来源:BUGTRAQ
名称:20050427ZRCSA-200501-MultiplevulnerabilitiesinClaroline
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=111464607103407&w=2