Date: Mon, 19 Mar 2012 12:53:31 -0600 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com CC: Henri Salo <henri@...v.fi>, corryl80@...il.com, bugtraq@...urityfocus.com Subject: Re: Case YVS Image Gallery On 02/27/2012 02:39 PM, Henri Salo wrote: > On Mon, Feb 27, 2012 at 09:31:52AM -0700, Kurt Seifried wrote: >> If you make a list of issues (e.g. XSS, CSRF, etc) with the code >> examples I can assign the various blocks of issues CVEs. > > 1. ./administration/install.php opens ../functions/db_connect.php and writes to file without input validation leading to PHP code injection with all variables if any contains for example: ";} ?> <?php print("Hello World"); exit("") ?> > > Note that install guide in web says: "after instalation is complete, delete the "install.php" file" and install.php does not need permissions. Never heard back, for now I'm going to go with the "it's documented, therefore it's not a bug but a config issue" > 2. ./administration/create_album.php does not have proper input validation leading to stored XSS, which can only be added by administrators, but I don't think this as a limit after other vulnerabilities. XSS will also be shown to normal users (mainpage). > > - Henri Salo Please use CVE-2012-1564 for the XSS in administration/create_album.php issue. -- Kurt Seifried Red Hat Security Response Team (SRT)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.