Author: raphael.huck
Description:
Hi,
first of all thanks for MediaWiki, this is great!
I've found a Full Path Disclosure vulnerability in MediaWiki 1.9.1,
which affects:
wiki/skins/Simple.deps.php
wiki/skins/MonoBook.deps.php
wiki/skins/MySkin.deps.php
wiki/skins/Chick.deps.php
example:
http://openclipart.org/wiki/skins/Simple.deps.php
Warning: main(includes/SkinTemplate.php): failed to open stream: No such
file or directory in
/srv/clipart.freedesktop.org/clipart_web/wiki/skins/Simple.deps.php on
line 8
Fatal error: main(): Failed opening required 'includes/SkinTemplate.php'
(include_path='.:/usr/share/php:/usr/share/pear') in
/srv/clipart.freedesktop.org/clipart_web/wiki/skins/Simple.deps.php on
line 8
It enables the attacker to gain knowledge about the system before
attacking it (for example, if he finds a File Include vulnerability, he
knows how many folders to go back to find /etc/passwd).
This should be an easy fix: check that each page that shouldn't be
called directly isn't called directly, for example by defining a
variable in the pages that call them, and checking in those that this
variable is defined, and if not, do nothing, or print "nothing to see
here..."
This would be great if you could fix it, as otherwise MediaWiki is
perfect ;)
--Raphaël HUCK
Version: 1.9.x
Severity: normal
OS: Windows XP
Platform: PC
URL: http:http://openclipart.org/wiki/skins/Simple.deps.php
CVE: CVE-2007-0894