Author Topic: [1.7 - 1.7.10] Security fix for open redirect vulnerability in admin/index.php  (Read 19922 times)

0 Members and 1 Guest are viewing this topic.

Offline kai

  • Administrator
  • Addicted member
  • *****
  • Posts: 1.423
    • View Profile
    • 4images - Image Gallery Management System
A open redirect vulnerability in the 4images admin panel 1.7 - 1.7.10 has been found.

To fix this:

In admin/index.php

find

if ($redirect != "") {
show_admin_header("<meta http-equiv=\"Refresh\" content=\"0; URL=".$site_sess->url($redirect)."\">");
echo 
"<p><a href=\"".$site_sess->url($redirect)."\">".$lang['admin_login_redirect']."</a></p>";
show_admin_footer();
exit;



and replace it with

if ($redirect != "") {
if (
strpos($redirect'://') === false) {
show_admin_header("<meta http-equiv=\"Refresh\" content=\"0; URL=".$site_sess->url($redirect)."\">");
echo 
"<p><a href=\"".$site_sess->url($redirect)."\">".$lang['admin_login_redirect']."</a></p>";
show_admin_footer();
} else {
redirect('home.php');
}
exit;
Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search


Offline mahsabk

  • Newbie
  • *
  • Posts: 16
    • View Profile
    • شرکت بازرسی فنی جرثقیل
goood 8O
<a href="http://karenlift.com">بازرسی جرثقیل آسانسور و لیفتراک</a>
<a href="http://karenweld.com">بازرسی جوش</a>
<a href="http://samitechnic.com">تعمیرات لوازم خانگی</a>