Piwigo Bugtracker

View Issue Details

ID: 0002843
Project: Piwigo
Category: security
View Status: public
Date Submitted: 2013.02.11 22:48
Last Update: 2013.02.19 22:36
Reporter: plg
Assigned To: plg
Priority: normal
Severity: minor
Reproducibility: unable to reproduce
Status: closed
Resolution: fixed
Platform / OS / OS Version: not set
Product Version: 2.4.6
Target Version: 2.4.7
Fixed in Version: 2.4.7
Summary: 0002843: [install.php on Windows] improved security on temporary config file download
Description: Add user input check on $_GET['dl']

I was not able to reproduce any security failure on Linux but let's add a filter to increase security.
Steps To Reproduce: if Piwigo is installed on Windows, install.php?dl=../../comments.php
Additional Information: Originally reported by htbridge https://www.htbridge.com/advisory/HTB23144

Secondly reported by Gjoko Krstic http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5127.php
Tags: No tags attached.
browser: any
Database engine and version: not set
PHP version: not set
Web server: Apache 1.3.x
-  Notes
(0006843)
plg (manager)
2013.02.11 22:50
edited on: 2013.02.11 22:50

[Subversion] r20706 on branch 2.4

(0006844)
svn (reporter)
2013.02.11 22:52

[Subversion] r20707 by plg on trunk

-----[Subversion commit log]----------------------------------------------------
merge r20706 from branch 2.4 to trunk

bug 2843: filter $_GET['dl'], it must be a md5sum-like string and nothing else
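The check described in the r20706/r20707 commit log above (accept an md5sum-like value for $_GET['dl'] and nothing else), shown as an added PHP illustration. This is not Piwigo's own install.php code: the directory constant, the function names and the sample inputs are assumptions constructed for this example, and the "before" function only models the unvalidated path concatenation that the report's `dl=../../comments.php` step relies on.

```php
<?php
// Added illustration, not Piwigo's install.php. Directory name, function names
// and sample inputs are assumptions constructed for this example.

// Assumed location of the temporary config files, each named by an md5sum.
define('TMP_CONFIG_DIR', __DIR__ . '/tmp_config');

// Before: the token from the query string goes straight into a file path, so
// "../../comments.php" (or "..\..\comments.php" on Windows) leaves the directory.
function config_path_unfiltered(string $dl): string
{
    return TMP_CONFIG_DIR . '/' . $dl;
}

// After: accept a 32-hex-digit token and nothing else, as the commit log puts it.
// \A and \z are used instead of ^ and $ because $ also matches before a trailing
// newline, which would let "<md5>\n" through.
function is_md5sum_like(string $value): bool
{
    return preg_match('/\A[0-9a-f]{32}\z/i', $value) === 1;
}

function config_path_filtered(string $dl): ?string
{
    return is_md5sum_like($dl) ? TMP_CONFIG_DIR . '/' . $dl : null;
}

// Request handler in the shape of the report: file contents, or null on any
// rejected input. The is_string() check also refuses dl[]=... array parameters.
function serve_config(array $get): ?string
{
    if (!isset($get['dl']) || !is_string($get['dl'])) {
        return null;
    }
    $path = config_path_filtered($get['dl']);
    return ($path !== null && is_file($path)) ? file_get_contents($path) : null;
}

// Constructed inputs: the md5 of the empty string, then traversal-style values.
$cases = [
    'd41d8cd98f00b204e9800998ecf8427e'       => true,
    'D41D8CD98F00B204E9800998ECF8427E'       => true,
    '../../comments.php'                     => false,
    '..\\..\\comments.php'                   => false,
    'C:\\piwigo\\comments.php'               => false,
    "d41d8cd98f00b204e9800998ecf8427e\n"     => false,
    "d41d8cd98f00b204e9800998ecf8427e\0.php" => false,
    ''                                       => false,
];
foreach ($cases as $input => $expected) {
    if (is_md5sum_like($input) !== $expected) {
        fwrite(STDERR, 'unexpected result for ' . var_export($input, true) . "\n");
        exit(1);
    }
}
// The unfiltered path still shows the traversal the report describes.
if (strpos(config_path_unfiltered('../../comments.php'), '/../../') === false) {
    exit(1);
}
echo "filter behaves as expected\n";
```

Run with `php filter_example.php`. Because only hex digits can pass, the Windows-specific forms (backslash separators, drive letters, trailing dots or spaces that NTFS strips) are rejected along with the Unix ones, which is why an allow-list on the token is a better fix than stripping `../` sequences from the input.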

- Issue History
Date Modified Username Field Change
2013.02.11 22:48 plg New Issue
2013.02.11 22:48 plg Status new => assigned
2013.02.11 22:48 plg Assigned To => plg
2013.02.11 22:48 plg browser => any
2013.02.11 22:48 plg Web server => Apache 1.3.x
2013.02.11 22:50 plg Note Added: 0006843
2013.02.11 22:50 plg Note Edited: 0006843
2013.02.11 22:52 svn Checkin
2013.02.11 22:52 svn Note Added: 0006844
2013.02.12 10:19 plg Status assigned => closed
2013.02.12 10:19 plg Resolution open => fixed
2013.02.12 10:19 plg Fixed in Version => 2.4.7
2013.02.18 16:23 plg Summary [install.php] improved security on temporary config file download => [install.php on Windows] improved security on temporary config file download
2013.02.18 16:23 plg Steps to Reproduce Updated
2013.02.18 16:23 plg Description Updated
2013.02.19 22:36 plg Additional Information Updated


Copyright © 2000 - 2015 MantisBT Team