Sanity check in Centre

To: <BUGTRAQ@xxxxxxxxxxxxxxxxx>
Subject: Sanity check in Centre
From: "Manip" <Bug@xxxxxxxxxxxxxxxxx>
Date: Thu, 1 Jul 2004 03:12:00 +0100
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Summary: [www.miller-group.net] The Miller Group, Inc. announces the releaseof Centre, a free student information system for public and non-publicschools. Centre is a web-based, open source, student management product withfeatures that include scheduling, grade book, attendance, eligibility,transcripts, and more. And, of course, student and employee informationscreens are critical components of Centre.


Version: 1.0

Exploit: There is no sanity checking anywhere in Centre. In effect anunprivileged user can change administrator options and could lead toprivilege escalation. This includes but is not limited to creating newaccounts:


http://demo.miller-group.net/index.php?modfunc=create_account&staff&username=admin&staff_id=new

There is also improper checking in the modules.php file this could allow PHPscript injection. No validation is done on the module path.

Fix: Disable centre until an update is released (the problems are tooextensive).

Prev by Date: Multiple Vulnerabilities in Easy Chat Server 1.2
Next by Date: Registry fixes for the recent IE vulnerabilities
Previous by thread: Multiple Vulnerabilities in Easy Chat Server 1.2
Next by thread: Registry fixes for the recent IE vulnerabilities
Index(es):
- Date
- Thread