[Vtigercrm-developers] [CRITICAL] possible code injection vulnerability

Minnie minnie at vtiger.com
Mon Jun 25 21:44:33 PDT 2007


Dear weigelt,

It is better to give me the entire URL you've given. When I try to give module=Leads and action=foo, I got the warning message stating that
Warning:  include(modules/Leads/foo.php) [function.include]: failed to open stream: No such file or directory in

I tested for other modules also. I got the same result. Kindly help me to reproduce this one.

Thanks & Regards,
Minnie.


----weigelt at metux.de wrote ----
Hi folks,

while playing around w/ URL parameters, I've found a probably
critical vulnerability:

The "action" parameter seems to go directly into the filename
for code loading (i.e. "action=foo" ends up in trying to load
"foo.php" within the module's subdir)!

We should fix this ASAP.


cu
-- 
---------------------------------------------------------------------
 Enrico Weigelt    ==   metux IT service

  phone:     +49 36207 519931         http://www:       http://www.metux.de/
  fax:       +49 36207 519932         email:     contact at metux.de
  cellphone: +49 174 7066481
---------------------------------------------------------------------
 -- DSL from 0 Euro. -- static IP -- UUCP -- Hosting -- Webshops --
---------------------------------------------------------------------
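The dispatcher shape Enrico describes (and Minnie's warning confirms: the raw `action` value ends up in the include path), reconstructed as an added illustration that is not vtiger's own code. The first function shows the risky pattern; the second only lets the request choose among actions the application already knows, then re-checks the resolved path. The module map, function names and directory layout are assumptions.

```php
<?php
// Added illustration, not vtiger's code: module= and action= from the query
// string select which file the front controller includes.

// Risky form: the request decides the include path. "action=foo" becomes
// modules/Leads/foo.php, exactly as the warning in this thread shows, and
// nothing restricts the value to files the dispatcher was meant to load.
function dispatch_unsafe(string $module, string $action): string
{
    return "modules/$module/$action.php";
}

// Hardened form: an explicit allow-list per module (assumed names; a real
// deployment would list its actual modules and actions).
const ALLOWED_ACTIONS = [
    'Leads'    => ['index', 'DetailView', 'EditView', 'Save'],
    'Contacts' => ['index', 'DetailView', 'EditView', 'Save'],
];

function dispatch_safe(string $module, string $action): ?string
{
    // Exact-match lookups: the request values are used as keys, never
    // spliced into a path as free text.
    if (!isset(ALLOWED_ACTIONS[$module])) {
        return null;
    }
    if (!in_array($action, ALLOWED_ACTIONS[$module], true)) {
        return null;
    }
    // Belt and braces: the resolved file must still sit under modules/.
    $base = realpath(__DIR__ . '/modules');
    $real = realpath(__DIR__ . "/modules/$module/$action.php");
    if ($base === false || $real === false
        || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $real;
}

$module = $_GET['module'] ?? 'Leads';
$action = $_GET['action'] ?? 'index';

$file = dispatch_safe($module, $action);
if ($file === null) {
    // Worth logging: a rejected module/action pair is a useful detection signal,
    // just as the failed-include warning above was the first hint of this issue.
    error_log("rejected dispatch: module=$module action=$action");
    http_response_code(400);
    exit('Unknown module or action');
}
include $file;
```

With the allow-list in place, the failed `include()` warning that Minnie reproduced can no longer be triggered from the URL, because unknown actions are rejected before any path is built.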