 |
|
 |
|
- Readme First! -
Read and follow the rules, otherwise your posts will be closed |
|
|
|
|
|
There are currently, 633 guest(s) and 0 member(s) that are online.
You are Anonymous user. You can register for free by clicking here |
|
|
|
|
|
|
| | The comments are owned by the poster. We aren't responsible for their content. |
| | | | |
| No Comments Allowed for Anonymous, please register | | | | |
Re: Security Bug in My_eGallery 2.7.9 FIXED!!! READ!!! (Score: 1)
by Laffer on Saturday, November 29 @ 03:53:33 CET
(User Info | Send a Message) http://www.comicfan.de | The bug is easy: The first line of the Module contain
include ("$basepath/somemodule.php");
since basepath will link to the http://someurl/textfile.txt the textfile.txt from another location will be included and therefore executed through the webserver. This textfile.txt contains as you mentioned malicious code, calling the SYSTEM function to execute in /tmp directory of the webserver (and afterwards deleted). But in the / or /tmp you often find some reliquients of other modules, like in my case, a kernel exploit which was uploaded and started this way... |
| Parent | | | | |
Re: Security Bug in My_eGallery 2.7.9 FIXED!!! READ!!! (Score: 1)
by johnnycard on Saturday, November 29 @ 08:37:06 CET
(User Info | Send a Message) | | Jeruvys link points for an upgrade for Post Nuke by the looks of it. Is there anyone who could port this fix for PHP Nuke? |
| Parent | | | | | |
|