Piwigo Bugtracker

Viewing Issue Advanced Details Jump to Notes ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0002843 [Piwigo] security minor unable to reproduce 2013.02.11 22:48 2013.02.19 22:36
Reporter plg View Status public  
Assigned To plg
Priority normal Resolution fixed Platform
Status closed   OS
Projection none   OS Version
ETA none Fixed in Version 2.4.7 Product Version 2.4.6
  Target Version 2.4.7 Product Build
Summary 0002843: [install.php on Windows] improved security on temporary config file download
Description Add user input check on $_GET['dl']

I was not able to reproduce any security failure on Linux but let's add a filter to increase security.
Steps To Reproduce if Piwigo is installed on Windows, install.php.dl=../../comments.php
Additional Information Originally reported by htbridge https://www.htbridge.com/advisory/HTB23144 [^]

Secondly reported by Gjoko Krstic http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5127.php [^]
Tags No tags attached.
browser any
Database engine and version
PHP version
Web server Apache 1.3.x
Attached Files

- Relationships

-  Notes
(0006843)
plg (manager)
2013.02.11 22:50
edited on: 2013.02.11 22:50

[Subversion] r20706 on branch 2.4

(0006844)
svn (reporter)
2013.02.11 22:52

[Subversion] r20707 by plg on trunk

-----[Subversion commit log]----------------------------------------------------
merge r20706 from branch 2.4 to trunk

bug 2843: filter $_GET['dl'], it must be a md5sum-like string and nothing else

- Issue History
Date Modified Username Field Change
2013.02.11 22:48 plg New Issue
2013.02.11 22:48 plg Status new => assigned
2013.02.11 22:48 plg Assigned To => plg
2013.02.11 22:48 plg browser => any
2013.02.11 22:48 plg Web server => Apache 1.3.x
2013.02.11 22:50 plg Note Added: 0006843
2013.02.11 22:50 plg Note Edited: 0006843
2013.02.11 22:52 svn Checkin
2013.02.11 22:52 svn Note Added: 0006844
2013.02.12 10:19 plg Status assigned => closed
2013.02.12 10:19 plg Resolution open => fixed
2013.02.12 10:19 plg Fixed in Version => 2.4.7
2013.02.18 16:23 plg Summary [install.php] improved security on temporary config file download => [install.php on Windows] improved security on temporary config file download
2013.02.18 16:23 plg Steps to Reproduce Updated
2013.02.18 16:23 plg Description Updated
2013.02.19 22:36 plg Additional Information Updated


Mantis 1.1.6[^]
Copyright © 2000 - 2008 Mantis Group
Contact
Powered by Mantis Bugtracker