Full Disclosure mailing list archives
Fwd: Case YVS Image Gallery
From: Andre Silaghi <andre.silaghi () googlemail com>
Date: Mon, 27 Feb 2012 12:47:27 +0100
I'm just forwarding this for you. Hope you enjoy :)

-------- Original Message --------
Subject: [oss-security] Case YVS Image Gallery
Date: Mon, 27 Feb 2012 13:32:52 +0200
From: Henri Salo <henri () nerv fi>
Reply-To: oss-security () lists openwall com
To: oss-security () lists openwall com
Cc: corryl80 () gmail com, bugtraq () securityfocus com

http://osvdb.org/show/osvdb/79477

The software "YVS Image Gallery" seems to be full of security issues. For example, one can have lots of fun with this. Copy from installation.php:

"""
case(isset($_POST['db_name'])):
    $host = $_POST['host'];
    $db_name = $_POST['db_name'];
    $db_user_name = $_POST['db_user_name'];
    $db_password = $_POST['db_password'];
    $admin_name = $_POST['admin_name'];
    $admin_password = $_POST['admin_password'];
    $o_host = $_POST['o_host'];
    $o_db_name = $_POST['o_db_name'];
    $o_db_user_name = $_POST['o_db_user_name'];
    $o_db_password = $_POST['o_db_password'];

    //read in the file
    $file = "../functions/db_connect.php";
    $fh = fopen($file, 'r+');
    $contents = fread($fh, filesize($file));

    //set up the text to change
    $text_to_change = array();
    $new_text = array();
    $text_to_change[] = '$dbhost="'.$o_host.'"';
    $text_to_change[] = '$dbuser="'.$o_db_user_name.'"';
    $text_to_change[] = '$dbpass="'.$o_db_password.'"';
    $text_to_change[] = '$dbname="'.$o_db_name.'"';
    $new_text[] = '$dbhost="'.$host.'"';
    $new_text[] = '$dbuser="'.$db_user_name.'"';
    $new_text[] = '$dbpass="'.$db_password.'"';
    $new_text[] = '$dbname="'.$db_name.'"';
    $new_contents = str_replace($text_to_change, $new_text, $contents);
    fclose($fh);

    // Open file to write
    $fh = fopen($file, 'r+');
    fwrite($fh, $new_contents);
    fclose($fh);

    //set up new admin user
    include '../functions/db_connect.php';
    db_connect();
"""

I'll bet this software is not used much, but I can list all problems I can find if we want to assign CVE-identifiers to cases like these. No contact information for the developer found.
Any ideas how to get these fixed or get the code off the internet? The package is also hosted here: http://www.hotscripts.com/listing/yvs-image-gallery/ (and probably others).

- Henri Salo
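
Added example, not part of the original post and not YVS code: a hardened counterpart to the installation.php excerpt above, which pastes $_POST values between double quotes into db_connect.php and then includes that file. The function names, the field limits and the array-returning config layout are assumptions made for this illustration.

```php
<?php
// Added example, not YVS code. Function names and field limits are hypothetical.
declare(strict_types=1);

/** Validate installer input and render it as a PHP config file body. */
function render_db_config(array $in): string
{
    $rules = [ // field => allow-list pattern (assumed limits for this example)
        'host'         => '/\A[A-Za-z0-9.\-]{1,253}(:\d{1,5})?\z/',
        'db_name'      => '/\A[A-Za-z0-9_]{1,64}\z/',
        'db_user_name' => '/\A[A-Za-z0-9_]{1,32}\z/',
        'db_password'  => '/\A[^\x00-\x1F\x7F]{1,128}\z/',
    ];
    $clean = [];
    foreach ($rules as $field => $pattern) {
        $value = $in[$field] ?? null;
        if (!is_string($value) || preg_match($pattern, $value) !== 1) {
            throw new InvalidArgumentException("invalid value for $field");
        }
        $clean[$field] = $value;
    }
    // var_export() emits single-quoted literals with ' and \ escaped, so the
    // values stay data when the file is later loaded.
    return "<?php\nreturn " . var_export($clean, true) . ";\n";
}

/** Create the config exactly once; a second run must not rewrite it. */
function write_db_config(string $path, array $in): void
{
    $body = render_db_config($in);   // validate before touching the disk
    $fh = @fopen($path, 'x');        // 'x' fails if the file already exists
    if ($fh === false) {
        throw new RuntimeException('config exists or is not writable');
    }
    fwrite($fh, $body);
    fclose($fh);
    chmod($path, 0640);
}

// Constructed sample input: the password contains quote characters.
$sample = ['host' => 'localhost', 'db_name' => 'gallery',
           'db_user_name' => 'gallery_rw', 'db_password' => 'p"a\'ss;w$rd'];
$path = sys_get_temp_dir() . '/db_config_example_' . getmypid() . '.php';
write_db_config($path, $sample);
$loaded = require $path;             // values round-trip as plain strings
var_dump($loaded['db_password'] === $sample['db_password']);
unlink($path);
```

An installer built this way should also be removed or disabled once the config file exists, since write_db_config() only protects the file it creates.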