Info

Disclosure

Mar 30, 2006

Discovery

Unknown

Dates

Exploit

Mar 30, 2006

Solution

Unknown

Description

Claroline contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'file' variable upon submission to the rqmkhtml.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Additionally, this can be used to disclose the software installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Claroline has released a patch to address this vulnerability.

Products

Claroline

1.7.4

References

FrSIRT Advisory: ADV-2006-1187
Bugtraq ID: 17344
Related OSVDB ID: 24284 24286
Other Advisory URL: http://retrogod.altervista.org/claroline_174_incl_xpl.html
Secunia Advisory ID: 19461
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1888.html
http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1905.html
CVE ID: 2006-1595 (see also: NVD)
Vendor URL: http://www.claroline.net/

Credit

rgod - rgodautistici.org - http://retrogod.altervista.org

Direct URL: http://osvdb.org/36218