lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4F4B6D4F.7020301@googlemail.com>
Date: Mon, 27 Feb 2012 12:47:27 +0100
From: Andre Silaghi <andre.silaghi@...glemail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Fwd: Case YVS Image Gallery

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm just forwarding this for you. Hope you enjoy :)

- -------- Original-Nachricht --------
Betreff: [oss-security] Case YVS Image Gallery
Datum: Mon, 27 Feb 2012 13:32:52 +0200
Von: Henri Salo <henri@...v.fi>
Antwort an: oss-security@...ts.openwall.com
An: oss-security@...ts.openwall.com
Kopie (CC): corryl80@...il.com, bugtraq@...urityfocus.com

http://osvdb.org/show/osvdb/79477

The software "YVS Image Gallery" seems to be full of security issues.
For example one can have lots of fun with this. Copy from
installation.php:

"""
    case(isset($_POST['db_name'])):

        $host = $_POST['host'];
        $db_name = $_POST['db_name'];
        $db_user_name = $_POST['db_user_name'];
        $db_password = $_POST['db_password'];

        $admin_name = $_POST['admin_name'];
        $admin_password = $_POST['admin_password'];

        $o_host = $_POST['o_host'];
        $o_db_name = $_POST['o_db_name'];
        $o_db_user_name = $_POST['o_db_user_name'];
        $o_db_password = $_POST['o_db_password'];

        //read in the file
        $file = "../functions/db_connect.php";
        $fh = fopen($file, 'r+');
        $contents = fread($fh, filesize($file));

        //set up the text to change
        $text_to_change = array();
        $new_text = array();

        $text_to_change[] = '$dbhost="'.$o_host.'"';
        $text_to_change[] = '$dbuser="'.$o_db_user_name.'"';
        $text_to_change[] = '$dbpass="'.$o_db_password.'"';
        $text_to_change[] = '$dbname="'.$o_db_name.'"';

        $new_text[] = '$dbhost="'.$host.'"';
        $new_text[] = '$dbuser="'.$db_user_name.'"';
        $new_text[] = '$dbpass="'.$db_password.'"';
        $new_text[] = '$dbname="'.$db_name.'"';

        $new_contents = str_replace($text_to_change, $new_text,
$contents);
        fclose($fh);

        // Open file to write
        $fh = fopen($file, 'r+');
        fwrite($fh, $new_contents);
        fclose($fh);

        //set up new admin user

        include '../functions/db_connect.php';

        db_connect();
"""

I'll bet this software is not used much, but I can list all problems I
can find if we want to assign CVE-identifiers to cases like these. No
contact information of developer found. Any ideas how to get these
fixed or get the code out of internet. The package is also hosted in
here: http://www.hotscripts.com/listing/yvs-image-gallery/ (and
probably others).

- - Henri Salo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPS21OAAoJEOtuXFFW9/UbSgMP/1nScj8Syt2ig84AEmY9D0fu
RvI79FPyKpKANaLCHGNBrwy5MCufjdWaE74aqxwHop44HZ0rkhxeKhBfZlq5FqVp
v+b7OBlLmKoU6HwofNajlVop7VZXdQicykLxfxTi0CnRhbOb1++cz4XqqHxHqzhj
xR/bg0Cm3IQoPd5bhT03W6X+f9IvwVHhU3JLaBUqAVVNtGJ/mx05E0gvaXK5Iguw
dFdv+/f798rDpQUAHA8QMA0dJ92/xdVJfAWHUFhN9OdF157kAsc8VRRq6IuIOr5Q
VmRHPZHe1yci+sUS2nUyY5VdcHE3Vga2iZWXIitketWBAqs0XqikszIe4wko2MzJ
xWST4+D0/ytG+w2f6J/F71NSwWNCRm/Q368bNkmqmxGajFSHCje+1fSQ7UlM6tSh
iua5IZcTynbRV9XPVPhYaulpGmXZYZ8yiB7kJF+Y/aTe/RxGcbquPVwRUFgEHGkn
TbXktN2hrcrA847c89LY0kwWsf9QLInCp/TavaV7jTcv4qLHSozRDt2mYna7TZs7
N6g76fCwA1ojowPvf9gHq4CtEUH+onVQViaUCj59eu+w6LlmW0kkTK9pQM0RAneN
dtKHcxn02AVSAY4ftsBNEFbUgoMrTqlc8aChDTvgpnN9kEmyMnUxuDjefbjk88gU
vRXGe1rldD0mOXJ5RoDf
=6I4a
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ