lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <200604161140.13376.ofi@evil.net.pl>
Date: Sun, 16 Apr 2006 11:40:13 +0200
From: Dariusz Kolasinski <ofi@...l.net.pl>
To: bugtraq@...urityfocus.com
Subject: Re: [KAPDA]CopperminePhotoGallery1.4.4~ PluginInclusionSystem(index.php)~ RemoteFileInclusion attack


Dnia sobota, 15 kwietnia 2006 07:26, addmimistrator@...il.com napisał:
> ORIGINAL ADVISORY:
> http://myimei.com/security/2006-04-14/copperminephotogallery144-plugininclu
>sionsystemindexphp-remotefileinclusion-attack.html ——————-Summary—————-
> Software: CPG Coppermine Photo Gallery
> Sowtware’s Web Site: http://coppermine.sourceforge.net/
> Versions: 1.4.4.stable
> Class: Remote
> Status: Unpatched
> Exploit: Available
> Solution: Available
> Discovered by: imei addmimistrator
> Risk Level: High
>
> SEE ORIGINAL ADV FOR MORE INFO!

Quick fix:
change following lines in index.php:

[SNIP]
$file = str_replace('//','',str_replace('..','',$_GET['file']));
[/SNIP]

to:

[SNIP]
$file = str_replace('..','',$_GET['file']);
[/SNIP]


-- 
Pozdrawiam,
Dariusz Kolasinski
<Linux Administrator>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ