
Author Topic: workaround? for imei vulnerability  (Read 4525 times)


cpguser

  • Coppermine newbie
  • Offline Offline
  • Posts: 3
workaround? for imei vulnerability
« on: April 18, 2006, 12:02:40 am »

There has been a suggestion posted by Dariusz Kolasinski in bugtraq regarding the vuln. discovered by imei addmimistrator:

Quote
...change...

[SNIP]
$file = str_replace('//','',str_replace('..','',$_GET['file']));
[/SNIP]

to:

[SNIP]
$file = str_replace('..','',$_GET['file']);
[/SNIP]


Is this viable? Should we apply this workaround?

« Last Edit: April 21, 2006, 09:25:10 am by GauGau »
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: workaround? for imei vulnerability
« Reply #1 on: April 18, 2006, 09:07:19 am »

You already asked this, and I moved your posting to a dev-only zone for discussion, leaving a redirector thread that told you exactly that. Once we have looked into the issue, we'll post a fix. Don't keep on posting the same question again. Comment out the whole line if you're afraid, as suggested by Nibbler on the dev-only thread:
I'd recommend commenting out the section involved until someone comes up with a way to clean it properly.

Code:
/*
if (isset($_GET['file'])) {
    // Scrub: Remove '..' and leftover '//' from filename
    $file = str_replace('//','',str_replace('..','',$_GET['file']));
    $path = './plugins/'.$file.'.php';

    // Don't include the codebase and credits files
    if ($file != 'codebase' && $file != 'configuration' && file_exists($path)) {

        // Include the code from the plugin
        include_once($path);
        $file = true;
    } else {
        $file = false;
    }
}
*/
Logged

cpguser

  • Coppermine newbie
  • Offline Offline
  • Posts: 3
Re: workaround? for imei vulnerability
« Reply #2 on: April 18, 2006, 03:46:51 pm »

Quote
Don't keep on posting the same question again.
It is really not the same question. Is it? First post was to inform you in case you were not aware. That post was moved to a board which I don't have access to, hence there was no way I could have seen Nibbler's suggestion.
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: workaround? for imei vulnerability
« Reply #3 on: April 19, 2006, 09:12:39 am »

As I suggested: Nibbler's code is a quick'n dirty fix, not a final one. We're looking for a final fix as soon as possible and will announce it publicly.
Logged
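
Added example, not part of the thread and not the Coppermine team's fix: one way to guard the plugin include discussed above without relying on stripping substrings from the file name. It validates the name against an allowlist and then confirms the resolved path stays inside the plugins directory. The function name `resolve_plugin_file()`, the allowed character set, the one-directory-or-more layout and PHP 7.1+ are assumptions.

```php
<?php
// Added example (hypothetical helper, not Coppermine code).

/**
 * Return the real path of the plugin file to include, or null when the
 * requested name is not acceptable.
 */
function resolve_plugin_file(string $requested, string $pluginDir): ?string
{
    // Allowlist instead of scrubbing: segments of letters, digits, '_' and
    // '-' separated by single '/'. Dots, backslashes, NUL bytes, empty
    // segments and a leading '/' cannot match. \A and \z anchor the whole
    // string, so a trailing newline is rejected too.
    if (!preg_match('#\A[A-Za-z0-9_-]+(?:/[A-Za-z0-9_-]+)*\z#', $requested)) {
        return null;
    }

    // Same exclusions as the original block; applying them to the last
    // segment at any depth is an assumption that is stricter than the original.
    $base = basename($requested);
    if ($base === 'codebase' || $base === 'configuration') {
        return null;
    }

    // realpath() resolves symlinks and returns false for missing files,
    // which also covers the original file_exists() check.
    $root = realpath($pluginDir);
    $path = realpath($pluginDir . '/' . $requested . '.php');
    if ($root === false || $path === false || !is_file($path)) {
        return null;
    }

    // Containment: the resolved file must live under the plugins directory.
    $prefix = $root . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Drop-in shape of the original block: $file ends up true or false.
if (isset($_GET['file'])) {
    $path = is_string($_GET['file'])
        ? resolve_plugin_file($_GET['file'], __DIR__ . '/plugins')
        : null;
    if ($path !== null) {
        include_once $path;
        $file = true;
    } else {
        $file = false;
    }
}
```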
