[bug] Remote include file ....
 


Started by tuxsoul, March 09, 2007, 07:32:39 PM


tuxsoul

Hi, I see a new bug report on SecurityFocus, can the developers check please :)

http://www.securityfocus.com/archive/1/462322/30/0/threaded

Joachim Müller

Valid report, moving to bugs section. Needs looking into, please stay tuned for the fix.

Nibbler

There are no vulnerabilities here, seems to be the result of an automated code scanner.

Joachim Müller

Imo there are vulnerabilities on certain insecure server setups, with the vars in the URL not being defined within the script under all circumstances. Best practice is to define all vars used, particularly those that are being used as a path or the ones sent to the shell using exec.
The fixes for the vulnerabilities are easy: just add `$cmd = '';` and similar to the top of the pages that are being mentioned.
Imo this should be fixed, and yes, they even justify a maintenance release imo.

Nibbler

Well that is what they scanned for, but I didn't find any cases which were actually exploitable. They were contained within functions so no injected variables would be in scope. I agree they should be fixed but I don't think it warrants a release unless the flaws can actually be abused. Maybe I missed something.

Joachim Müller

Yes, they reside within functions, you're right.
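
The scoping point the thread settles on, as an added example that is not part of the original posts and is not Coppermine code. It assumes the "insecure server setup" is PHP's old register_globals behaviour, which is emulated here; the function names and the request value are constructed, and `$cmd` mirrors the variable named above.

```php
<?php
// Added illustration, not Coppermine code. $cmd mirrors the variable named
// in the thread; the function names and the request value are constructed.

// Emulates the old register_globals behaviour (assumed to be the "insecure
// server setup" meant above): request parameters become global variables.
function emulate_register_globals(array $request): void
{
    foreach ($request as $name => $value) {
        $GLOBALS[$name] = $value;
    }
}

// Flagged pattern inside a function: $cmd is appended to without being
// initialised. Function scope starts empty, so the global is not visible.
function command_inside_function(): string
{
    $cmd = ($cmd ?? '') . 'resize';
    return $cmd;
}

// Same pattern with the variable explicitly pulled from global scope,
// which is equivalent to running the code at file level.
function command_at_global_scope(): string
{
    global $cmd;
    return ($cmd ?? '') . 'resize';
}

// The fix from the thread: define the variable before first use.
function command_initialised(): string
{
    global $cmd;
    $cmd = '';
    return $cmd . 'resize';
}

emulate_register_globals(['cmd' => 'FROM-URL ']); // constructed request

printf("inside function : %s\n", command_inside_function());
printf("global scope    : %s\n", command_at_global_scope());
printf("after \$cmd = '' : %s\n", command_initialised());
```

Only the global-scope variant picks up the request value, which is why a scanner that matches on uninitialised variables without tracking scope reports the in-function cases as well.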