Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Case YVS Image Gallery

From: Henri Salo <henri () nerv fi>
Date: Mon, 27 Feb 2012 13:32:52 +0200
http://osvdb.org/show/osvdb/79477

The software "YVS Image Gallery" seems to be full of security issues. For example one can have lots of fun with this. 
Copy from installation.php:

"""
    case(isset($_POST['db_name'])):

        $host = $_POST['host'];
        $db_name = $_POST['db_name'];
        $db_user_name = $_POST['db_user_name'];
        $db_password = $_POST['db_password'];

        $admin_name = $_POST['admin_name'];
        $admin_password = $_POST['admin_password'];

        $o_host = $_POST['o_host'];
        $o_db_name = $_POST['o_db_name'];
        $o_db_user_name = $_POST['o_db_user_name'];
        $o_db_password = $_POST['o_db_password'];

        //read in the file
        $file = "../functions/db_connect.php";
        $fh = fopen($file, 'r+');
        $contents = fread($fh, filesize($file));

        //set up the text to change
        $text_to_change = array();
        $new_text = array();

        $text_to_change[] = '$dbhost="'.$o_host.'"';
        $text_to_change[] = '$dbuser="'.$o_db_user_name.'"';
        $text_to_change[] = '$dbpass="'.$o_db_password.'"';
        $text_to_change[] = '$dbname="'.$o_db_name.'"';

        $new_text[] = '$dbhost="'.$host.'"';
        $new_text[] = '$dbuser="'.$db_user_name.'"';
        $new_text[] = '$dbpass="'.$db_password.'"';
        $new_text[] = '$dbname="'.$db_name.'"';

        $new_contents = str_replace($text_to_change, $new_text, $contents);
        fclose($fh);

        // Open file to write
        $fh = fopen($file, 'r+');
        fwrite($fh, $new_contents);
        fclose($fh);

        //set up new admin user

        include '../functions/db_connect.php';

        db_connect();
"""

I'll bet this software is not used much, but I can list all problems I can find if we want to assign CVE-identifiers to 
cases like these. No contact information of developer found. Any ideas how to get these fixed or get the code out of 
internet. The package is also hosted in here: http://www.hotscripts.com/listing/yvs-image-gallery/ (and probably 
others).

- Henri Salo
Previous By Date Next
Previous By Thread Next

Current thread: