Security Bug in My_eGallery 2.7.9 FIXED!!! READ!!!
Date: Friday, November 28 @ 16:20:30 CET
Topic: Security


I found out how to quickly fix the security exploit.

Open the file displayCategory.php in /modules/My_eGallery/public

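After the first line (the one starting with the opening PHP tag), insert:
// Position of "http" in $basepath, or false if it does not occur
$bug = strpos($basepath,"http");
// Run the original module code only when no "http" was found
if ($bug === false) {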

and before the last line, which starts with ?>, insert:

}
else {
echo "You are trying to hack our site! GO AWAY BASTARD!";
}


How does this work? The exploit is STUPID! $basepath contains the base path of the My_eGallery module. In its first lines, displayCategory.php must include some files. If the attacker gives $basepath a new value via the URL (in the exploit's case, http://www.bywordonline.com/sc/app.txt), the module includes this code from outside into the program. app.txt then runs system calls with the rights of the web server.

My fix tests whether $basepath contains a link to an outside URL instead of a local path (by looking for http); if one is found, code execution is suspended. Maybe not the best fix, but a quick fix. There is still a hole, but now the attacker must first upload a bad file to execute it. I will work further on this issue to fix it completely. Help from the Nukecops would be great!!!

See ya
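
One way to close the remaining hole mentioned above is to stop looking for a substring and instead accept only files that resolve inside the module directory. The following is an added example, not part of the original post or of My_eGallery; the function name safe_module_include_path() and the file names are hypothetical, and the demo files are constructed in a temporary directory.

```php
<?php
// Added example, not My_eGallery code. safe_module_include_path() and the
// file names used below are hypothetical.

// Return the absolute path of $relative only if it resolves to a regular
// file inside $moduleDir; return false otherwise.
function safe_module_include_path($moduleDir, $relative)
{
    $root = realpath($moduleDir);
    if ($root === false) {
        return false;
    }
    // realpath() returns false for URLs and for files that do not exist,
    // and it collapses "../" sequences and symlinks.
    $target = realpath($root . DIRECTORY_SEPARATOR . $relative);
    if ($target === false || !is_file($target)) {
        return false;
    }
    // Require the resolved path to sit under the module root.
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : false;
}

// Constructed demo: a throwaway module directory with one legitimate file
// and one file that lives outside it.
$tmp = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'egallery_demo_' . getmypid();
mkdir($tmp . '/module/public', 0700, true);
file_put_contents($tmp . '/module/public/helper.php', "<?php // helper\n");
file_put_contents($tmp . '/outside.php', "<?php // not part of the module\n");

// The base path is set by the server-side code, never read from the request.
$basepath = $tmp . '/module';

$cases = array(
    'public/helper.php',               // legitimate include
    '../outside.php',                  // local file outside the module
    'http://example.invalid/app.txt',  // remote URL (constructed)
);
foreach ($cases as $rel) {
    $path = safe_module_include_path($basepath, $rel);
    echo str_pad($rel, 34), ' => ', ($path === false ? 'rejected' : 'allowed'), "\n";
}

// Remove the demo files again.
foreach (array('/module/public/helper.php', '/outside.php') as $f) { unlink($tmp . $f); }
foreach (array('/module/public', '/module', '') as $d) { rmdir($tmp . $d); }
```

Only the first case is allowed; the module would then pass the returned path to include instead of building one from $basepath.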






This article comes from NukeCops
http://www.nukecops.com

The URL for this story is:
http://www.nukecops.com/modules.php?name=News&file=article&sid=1049