Wednesday, April 13, 2005

"Encrption.txt (sic)" in the wild

Regular readers (Do I even HAVE any of those? I doubt it.) Will remember this post about an amusing file found in the IntraLearn LMS.

Here are a couple examples of "Encrption.txt (sic)" in the wild. To check for it on your IntraLearn install, just add /cgi-bin/Encrption.txt to the end of the URL itself, deleting /home/ or other information at the end of the URL.

Why does this file matter? Because it consists of the IntraLearn corporation admitting that it distributes software for which it has lost the source code, and as a result, has no way to know what's really in the files they distribute. Seems the perfect place for someone to have put a back door or logic bomb, doesn't it?

The sad thing is, the code isn't compiled, it's encrypted using the cfencrypt utility that comes with Cold Fusion. A quick web search for cfdecrypt would lead them to a command line utility that would allow them to recover the source code of the offending files.

That's right folks, a quick Google is too complicated for IntraLearn developers.

Please note, an absence of the warning about the files does not mean your version of IntraLearn is magically running code for which IntraLearn has the source.

SiteIntraLearn SiteLink to file
UMass Roxbury http://roxburycc.umassonline.net/home/ View the sample
Enbanet Powered Boston University Site http://216.234.48.127/home/ View the sample

No comments: