Security Bug in My_eGallery 2.7.9 FIXED!!! READ!!!
SecurityLaffer writes "I found out how to quickly fix the Security Exploit.

Open the File displayCategory.php in /modules/My_eGallery/public

after the first line starting
insert:
$bug = strpos($basepath,"http");
if ($bug === false) {

and before the last line starting with ?>

insert:

}
else {
echo "You are trying to hack our site! GO AWAY BASTARD!";
}


How does this work? The exploit is STUPID! $basepath contains the basepath of the My_eGallery Modules. In the first lines of displayCategory.php some files must be included. Now if the attacker gives $basepath a new content via the URL, in the exploit's case the http://www.bywordonline.com/sc/app.txt value, then the module includes this code from outside into the program. The app.txt then runs system calls with the rights of the webserver.

My fix will test if basepath contains a link to an outside URL instead of a local path (looking for http); if this is found, code execution is suspended. Maybe not the best fix, but a quick fix. There is still a hole, but now the attacker must first upload a bad file to execute it. I will work further on this issue to fix it completely. Help from the Nukecops would be great!!!

See ya
"
Posted on Friday, November 28 @ 16:20:30 CET by Zhen-Xjell
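
An added example, not part of the original post or of My_eGallery: a stricter form of the check described above, which accepts a base path only if it resolves to a directory inside the module's own tree, so it also covers the local-file case the post says remains open. The function name `safe_basepath()`, the demo directory names and the sample values are assumptions made up for illustration; PHP 7.1 or later is assumed.

```php
<?php
// Added example, not My_eGallery code. safe_basepath() is a hypothetical helper.
// Assumption: everything the module includes lives under one known directory.
// Setting the base path server-side, never from the request, is better still.

/**
 * Return the canonical path if $candidate resolves to a directory inside
 * $moduleRoot, or null otherwise. realpath() only resolves existing local
 * paths, so remote locations fail without matching on any scheme name.
 */
function safe_basepath($candidate, string $moduleRoot): ?string
{
    if (!is_string($candidate) || $candidate === '') {
        return null;                       // arrays or empty values from the URL
    }
    $root = realpath($moduleRoot);
    $real = realpath($candidate);          // false for URLs and missing paths
    if ($root === false || $real === false || !is_dir($real)) {
        return null;
    }
    // Compare with a trailing separator so "My_eGallery_old" is not
    // mistaken for a directory below "My_eGallery".
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real . DIRECTORY_SEPARATOR, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Constructed demo data: a throwaway module tree and an unrelated directory.
$tmp    = sys_get_temp_dir() . '/egallery_demo_' . getmypid();
$module = $tmp . '/modules/My_eGallery';
$upload = $tmp . '/uploads';
mkdir($module . '/public', 0700, true);
mkdir($upload, 0700, true);

$samples = [
    'module dir'        => $module,
    'module subdir'     => $module . '/public',
    'remote location'   => 'http://example.invalid/x',
    'outside directory' => $upload,
    'dot-dot path'      => $module . '/../../uploads',
    'array value'       => ['x'],
];
foreach ($samples as $label => $value) {
    $ok = safe_basepath($value, $module);
    printf("%-18s %s\n", $label, $ok === null ? 'rejected' : "accepted: $ok");
}
foreach ([$module . '/public', $module, $tmp . '/modules', $upload, $tmp] as $d) {
    rmdir($d);                             // remove the demo directories
}
```

Only the first two samples are accepted; a caller would stop with an error when the function returns null instead of reaching the include statements.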
 

Re: Security Bug in My_eGallery 2.7.9 FIXED!!! READ!!! (Score: 1)
by Johan1982 on Friday, November 28 @ 18:40:47 CET
Is a permanent solution still not known? Hopefully the staff of Nukecops will contribute to a permanent fix.



Re: Security Bug in My_eGallery 2.7.9 FIXED!!! READ!!! (Score: 1)
by Jeruvy on Friday, November 28 @ 18:58:41 CET
Here is the actual exploit. For some reason Zhen-Xjell doesn't want to post my news on this so I'm including it here. Perhaps you can gather a solution to this:

Product: My_eGallery
Versions affected: all

/tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp"); $output = ob_get_contents(); ob_end_clean(); print_output(); ?>

This allows execution of any command on the server with My_eGallery, under the privileges of the Web server (usually apache or httpd).

3. Solution
-----------

Vendor was contacted and promptly replied. Fix is available at the vendor's site:
http://lottasophie.sourceforge.net/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=5

As this was seen being exploited in the wild, users are urged to upgrade to the latest version as soon as possible.

Regards,
Bojan Zdrnja CISSP

