You are missing our premiere tool bar navigation system! Register and use it for FREE!

•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
· Home
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 133 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Security Bug in My_eGallery 2.7.9 FIXED!!! READ!!!
SecurityLaffer writes "I found out how to fix quickly the Security Exploit.

Open the File displayCategory.php in /modules/My_eGallery/public

after the first line starting
$bug = strpos($basepath,"http");
if ($bug === false) {

and before the last line starting with ?>


else {
echo "You are trying to hack our site! GO AWAY BASTARD!";

How does this work? The exploit is STUPID! $basepath contains the basepath of the My_eGallery Modules. In the first lines displayCategory.php some files must be included. Now if the attacker give $basepath via the URL a new content in the exploits case the value, then the module includes this Code from outside into the program. The app.txt runs then system calls with the rights of the webserver.

My fix will test if basepath contains a link to outside url instead of a local path (looking for http), if this is found, Code execution is suspended. Maybe not the best fix, but a quick fix. There is still a hole, but now the attacker must first upload a bad file to execute it. I will work further on this issue to fix it completely. Help from the Nukecops would be great!!!

See ya
Posted on Friday, November 28 @ 16:20:30 CET by Zhen-Xjell
Related Links
· Computer Cops
· More about Security
· News by Zhen-Xjell

Most read story about Security:
PHP-Nuke admin.php security hole - PATCHED

Article Rating
Average Score: 5
Votes: 3

Please take a second and vote for this article:

Very Good


 Printer Friendly Page  Printer Friendly Page

 Send to a Friend  Send to a Friend

The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register

Re: Security Bug in My_eGallery 2.7.9 FIXED!!! READ!!! (Score: 1)
by Johan1982 on Friday, November 28 @ 18:40:47 CET
(User Info | Send a Message)
Still is not known a permanent solution? Hopefully that the staff of Nukecops contributes to do fix permanent

Re: Security Bug in My_eGallery 2.7.9 FIXED!!! READ!!! (Score: 1)
by Jeruvy on Friday, November 28 @ 18:58:41 CET
(User Info | Send a Message)
Here is the actual exploit. For some reason ZjenXjell doesn't want to post my news on this so I'm including it here. Perhaps you can gather a solution to this: Product: My_eGallery Versions affected: all /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp"); $output = ob_get_contents(); ob_end_clean(); print_output(); ?> This allows execution of any command on the server with My_eGallery, under the privileges of the Web server (usually apache or httpd). 3. Solution ----------- Vendor was contacted and promptly replied. Fix is available at the vendor's site: e=index&req=viewdownload&cid=5 As this was seen being exploited in the wild, users are urged to upgrade to the latest version as soon as possible. Regards, Bojan Zdrnja CISSP

Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.033 Seconds - 82 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded ( ::