Author Topic: Secunia: 4images "template" Parameter File Inclusion Vulnerability (Read 5673 times)

arhimede · « **on:** February 27, 2006, 06:42:53 PM »

[removed] there is a fix for this exploit ? Thanks

IcEcReaM · « **Reply #1 on:** February 27, 2006, 08:56:20 PM »

hmmm, i tried it and unfortunatley it worked,
and it's an great security hole.

with the backdoor it's possible to execute command line commands.

A first fix would be:
in index.php find:

Code: [Select]

  $template = (isset($HTTP_GET_VARS['template'])) ? stripslashes(trim($HTTP_GET_VARS['template'])) : stripslashes(trim($HTTP_POST_VARS['template']));

and replace with:

Code: [Select]

  $template = (isset($HTTP_GET_VARS['template'])) ? stripslashes(trim($HTTP_GET_VARS['template'])) : stripslashes(trim($HTTP_POST_VARS['template']));
  // Security Fix
  $patterns = array("/(\/)/","/(%2F)/");
  $template = preg_replace ($patterns,"",$template);
  // Security Fix

One user already told that he was hacked,
maybe through this exploit.

V@no · « **Reply #2 on:** February 28, 2006, 02:41:57 PM »

I've removed the link for security reason

4images Forum & Community

News:

Author Topic: Secunia: 4images "template" Parameter File Inclusion Vulnerability (Read 5673 times)

arhimede

Secunia: 4images "template" Parameter File Inclusion Vulnerability

IcEcReaM

Re: Secunia: 4images "template" Parameter File Inclusion Vulnerability

V@no

Re: Secunia: 4images "template" Parameter File Inclusion Vulnerability