4images Forum & Community

4images Modifications / Modifikationen => Mods & Plugins (Requests & Discussions) => Topic started by: arhimede on February 27, 2006, 06:42:53 PM

Title: Secunia: 4images "template" Parameter File Inclusion Vulnerability
Post by: arhimede on February 27, 2006, 06:42:53 PM
[removed] Is there a fix for this exploit? Thanks
Title: Re: Secunia: 4images "template" Parameter File Inclusion Vulnerability
Post by: IcEcReaM on February 27, 2006, 08:56:20 PM
Hmmm, I tried it and unfortunately it worked,
and it's a great security hole.

With the backdoor it's possible to execute command line commands.

A first fix would be:
In index.php find:
Code:
  $template = (isset($HTTP_GET_VARS['template'])) ? stripslashes(trim($HTTP_GET_VARS['template'])) : stripslashes(trim($HTTP_POST_VARS['template']));

and replace with:
Code:
  $template = (isset($HTTP_GET_VARS['template'])) ? stripslashes(trim($HTTP_GET_VARS['template'])) : stripslashes(trim($HTTP_POST_VARS['template']));
  // Security Fix: strip forward slashes and their URL-encoded form (%2F) from the template name
  $patterns = array("/(\/)/", "/(%2F)/");
  $template = preg_replace($patterns, "", $template);
  // Security Fix end


One user already said that he was hacked,
maybe through this exploit.
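A stricter version of the same idea, added here as an example and not code from the 4images project or from the post above: instead of only stripping slashes, accept the template name against an allow-list and confirm the resolved file stays inside the templates directory. The `select_template()` function, the `$templates_dir` path, the `.html` suffix and the `$_GET`/`$_POST` arrays (standing in for the `$HTTP_GET_VARS`/`$HTTP_POST_VARS` used in the original line) are assumptions.

```php
<?php
// Added example, not 4images code. $templates_dir and the .html suffix are assumed.
$templates_dir = dirname(__FILE__) . '/templates/default';

function select_template($raw, $templates_dir, $default_template = 'home')
{
    // Mirror the original line's handling of magic quotes and surrounding whitespace.
    $name = stripslashes(trim((string) $raw));

    // Allow-list: only letters, digits, underscore and dash form a template name.
    // Separators, dots, encoded bytes or an empty value fall back to the default.
    if ($name === '' || !preg_match('/^[A-Za-z0-9_-]+$/', $name)) {
        return $default_template;
    }

    // Second check: the resolved file must exist and lie inside the templates directory.
    $base = realpath($templates_dir);
    $file = realpath($templates_dir . '/' . $name . '.html');
    if ($base === false || $file === false
        || strpos($file, $base . DIRECTORY_SEPARATOR) !== 0) {
        return $default_template;
    }
    return $name;
}

// Replacement for the index.php line quoted above: read GET first, then POST.
$raw_template = isset($_GET['template']) ? $_GET['template']
              : (isset($_POST['template']) ? $_POST['template'] : '');
$template = select_template($raw_template, $templates_dir);
```

Because unknown or malformed names fall back to the default template rather than being passed through, a rejected request renders the default page instead of an error.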
Title: Re: Secunia: 4images "template" Parameter File Inclusion Vulnerability
Post by: V@no on February 28, 2006, 02:41:57 PM
I've removed the link for security reasons