Date: Mon, 27 Feb 2012 23:39:15 +0200 From: Henri Salo <henri@...v.fi> To: oss-security@...ts.openwall.com Cc: kseifried@...hat.com, corryl80@...il.com, bugtraq@...urityfocus.com Subject: Re: Case YVS Image Gallery On Mon, Feb 27, 2012 at 09:31:52AM -0700, Kurt Seifried wrote: > If you make a list of issues (e.g. XSS, CSRF, etc) with the code > examples I can assign the various blocks of issues CVEs. 1. ./administration/install.php opens ../functions/db_connect.php and writes to file without input validation leading to PHP code injection with all variables if any contains for example: ";} ?> <?php print("Hello World"); exit("") ?> Note that install guide in web says: "after instalation is complete, delete the "install.php" file" and install.php does not need permissions. 2. ./administration/create_album.php does not have proper input validation leading to stored XSS, which can only be added by administrators, but I don't think this as a limit after other vulnerabilities. XSS will also be shown to normal users (mainpage). - Henri Salo
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.