MantisBT - Piwigo
View Issue Details
0002843Piwigosecuritypublic2013.02.11 22:482013.02.19 22:36
plg 
plg 
normalminorunable to reproduce
closedfixed 
2.4.6 
2.4.72.4.7 
any
Apache 1.3.x
0002843: [install.php on Windows] improved security on temporary config file download
Add user input check on $_GET['dl']

I was not able to reproduce any security failure on Linux but let's add a filter to increase security.
if Piwigo is installed on Windows, install.php.dl=../../comments.php
Originally reported by htbridge https://www.htbridge.com/advisory/HTB23144 [^]

Secondly reported by Gjoko Krstic http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5127.php [^]
No tags attached.
Issue History
2013.02.11 22:48plgNew Issue
2013.02.11 22:48plgStatusnew => assigned
2013.02.11 22:48plgAssigned To => plg
2013.02.11 22:48plgbrowser => any
2013.02.11 22:48plgWeb server => Apache 1.3.x
2013.02.11 22:50plgNote Added: 0006843
2013.02.11 22:50plgNote Edited: 0006843
2013.02.11 22:52svnCheckin
2013.02.11 22:52svnNote Added: 0006844
2013.02.12 10:19plgStatusassigned => closed
2013.02.12 10:19plgResolutionopen => fixed
2013.02.12 10:19plgFixed in Version => 2.4.7
2013.02.18 16:23plgSummary[install.php] improved security on temporary config file download => [install.php on Windows] improved security on temporary config file download
2013.02.18 16:23plgSteps to Reproduce Updated
2013.02.18 16:23plgDescription Updated
2013.02.19 22:36plgAdditional Information Updated

Notes
(0006843)
plg   
2013.02.11 22:50   
[Subversion] r20706 on branch 2.4

(0006844)
svn   
2013.02.11 22:52   
[Subversion] r20707 by plg on trunk

-----[Subversion commit log]----------------------------------------------------
merge r20706 from branch 2.4 to trunk

bug 2843: filter $_GET['dl'], it must be a md5sum-like string and nothing else