[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 27 Feb 2012 23:39:15 +0200
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Cc: kseifried@...hat.com, corryl80@...il.com, bugtraq@...urityfocus.com
Subject: Re: Case YVS Image Gallery
On Mon, Feb 27, 2012 at 09:31:52AM -0700, Kurt Seifried wrote:
> If you make a list of issues (e.g. XSS, CSRF, etc) with the code
> examples I can assign the various blocks of issues CVEs.
1. ./administration/install.php opens ../functions/db_connect.php and writes to file without input validation leading to PHP code injection with all variables if any contains for example: ";} ?> <?php print("Hello World"); exit("") ?>
Note that install guide in web says: "after instalation is complete, delete the "install.php" file" and install.php does not need permissions.
2. ./administration/create_album.php does not have proper input validation leading to stored XSS, which can only be added by administrators, but I don't think this as a limit after other vulnerabilities. XSS will also be shown to normal users (mainpage).
- Henri Salo
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
