|
|
|
|
- Readme First! - Read and follow the rules, otherwise your posts will be closed |
|
|
|
|
|
There are currently, 395 guest(s) and 0 member(s) that are online.
You are Anonymous user. You can register for free by clicking here |
|
|
|
|
|
| The comments are owned by the poster. We aren't responsible for their content. |
| | | | |
No Comments Allowed for Anonymous, please register | | | | |
Re: Security Bug in My_eGallery 2.7.9 FIXED!!! READ!!! (Score: 1) by Laffer on Saturday, November 29 @ 03:53:33 CET (User Info | Send a Message) http://www.comicfan.de | The bug is easy: The first line of the Module contain
include ("$basepath/somemodule.php");
since basepath will link to the http://someurl/textfile.txt the textfile.txt from another location will be included and therefore executed through the webserver. This textfile.txt contains as you mentioned malicious code, calling the SYSTEM function to execute in /tmp directory of the webserver (and afterwards deleted). But in the / or /tmp you often find some reliquients of other modules, like in my case, a kernel exploit which was uploaded and started this way... |
| Parent | | | | |
Re: Security Bug in My_eGallery 2.7.9 FIXED!!! READ!!! (Score: 1) by johnnycard on Saturday, November 29 @ 08:37:06 CET (User Info | Send a Message) | Jeruvys link points for an upgrade for Post Nuke by the looks of it. Is there anyone who could port this fix for PHP Nuke? |
| Parent | | | | | |
|