[1.7.3] Directory Traversal Vulnerability in addon.php

Official announcements concerning bugs and fixes in the WoWRoster package
Posting is restricted to Forum Moderators

[1.7.3] Directory Traversal Vulnerability in addon.php

Postby zanix » Wed Mar 26, 2008 5:45 am

A security vulnerability (directory traversal) has been discovered in roster 1.7.3. This vulnerability can be used to include index.php files from anywhere on the server.

To fix, find this code in addon.php:
Code: Select all
// Get the addon's location
$addonDir ROSTER_ADDONS.$_REQUEST['roster_addon_name'].DIR_SEP


And insert this code above it:

Code: Select all
// Sanity check on the addon name. We check both / and \ explicitly: \ may work on unix as well as the default /.
if( strpos($_REQUEST['roster_addon_name'], '/' ) || strpos($_REQUEST['roster_addon_name'], '\\' ) )
{
        
die_quietly"Hacking attempt averted" );


Or Download here http://www.wowroster.net/Downloads/details/id=127.html

This vulnerability may touch earlier roster versions as well.
WoWRoster 2.0 is not affected by this vulnerability.
Last edited by zanix on Sat Jun 28, 2008 7:01 am, edited 5 times in total.
Read the Forum Rules, the WiKi, and Search before posting!
WoWRoster v2.1 - SigGen v0.3.3.523 - WoWRosterDF
User avatar
zanix
Admin
Admin
WoWRoster.net Dev Team
WoWRoster.net Dev Team
UA/UU Developer
UA/UU Developer
 
Posts: 5546
Joined: Mon Jul 03, 2006 8:29 am
Location: Idaho Falls, Idaho
Realm: Doomhammer (PvE) - US

Return to Official Bugs & Updates

Who is online

Users browsing this forum: No registered users and 0 guests