[geeklog-devel] 1.5 Installer stuff

Joe Mucchiello joe at ThrowingDice.com
Thu Oct 11 22:57:04 EDT 2007


Do you remember this check-in a couple of days ago? Language files 
sometimes execute code, and are thus vulnerable when register_globals 
is on (and the language directory is in the webroot).

--- 1162,1167 ----
       89 => 'Unable to find an OpenID server for the given identity URL.',
       90 => 'OpenID identification cancelled.',
!     91 => 'You specified an invalid identity URL.',
!     92 => 'Please ' . COM_createLink('check the security of your 
site', $_CONF['site_admin_url'] . '/sectest.php') . ' before using it!'
   );
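Review bot: entry 92 is computed when the language file is loaded, with $_CONF['site_admin_url'] taken from whatever is in scope at that moment, so a direct request to the file with register_globals on lets the request supply that value; either put the same direct-access check proposed for siteconfig.php at the top of every language file (strpos($_SERVER['PHP_SELF'], ...) !== false followed by die), or store entry 92 with a placeholder and build the link at the call site so the language files contain only string literals.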

Example: 
http://example.com/geeklog/languages/english.php?_CONF[site_admin_url]=http://evil.com

   Joe

At 10:45 PM 10/11/2007, Oliver Spiesshofer wrote:
>I always assumed that this problem is only there with files that 
>have actual code in them and not only variables.
>given that this file has some system variables it might be a problem 
>here, but I am not sure with the language files.
>
>Oliver
>
>Joe Mucchiello wrote:
>>There's a bunch of security vulnerabilities from older versions of 
>>Geeklog where you could take over the site using PHP files that are 
>>not intended as URL targets combined with register_globals on. So 
>>yeah, the language files should probably have them too.
>>
>>At 09:45 PM 10/11/2007, Oliver Spiesshofer wrote:
>>>Oliver Spiesshofer wrote:
>>>>Joe Mucchiello wrote:
>>>>>I put a / in the database prefix (by mistake) and received a 
>>>>>cryptic database error. That field should be validated.
>>>>>
>>>>>
>>>>>siteconfig.php needs the
>>>>>
>>>>>if (strpos ($_SERVER['PHP_SELF'], 'siteconfig.php') !== false) {
>>>>>     die ('This file can not be used on its own!');
>>>>>}
>>>>>
>>>>>or a
>>>>>
>>>>>    header('location: index.php');
>>>>noted.
>>>Taking a look at it now.... why? Should we do it with all the 
>>>language files then also?
>>>
>>>Oliver
>>>_______________________________________________
>>>geeklog-devel mailing list
>>>geeklog-devel at lists.geeklog.net
>>>http://eight.pairlist.net/mailman/listinfo/geeklog-devel
>>
>>----
>>Joe Mucchiello
>>Throwing Dice Games
>>http://www.throwingdice.com
>>
>

----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com 
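The failure mode Joe describes, as an added example that is not Geeklog's own code: parse_str() plus extract() stand in for register_globals, the inline anchor stands in for COM_createLink(), and the function names, the file name and the query string are constructed for the demonstration. The guard is the siteconfig.php check quoted earlier in the thread, applied to a language file.

```php
<?php
// Added example, not code from the Geeklog tree. It reproduces the problem
// discussed in the thread: an include-only file that computes a string from
// $_CONF when it is loaded, requested directly while register_globals is on.

// The check proposed for siteconfig.php, as a reusable function (hypothetical
// name). In a real file it sits at the very top, before any other code runs.
function rejectDirectAccess(string $phpSelf, string $thisFile): void
{
    if (strpos($phpSelf, $thisFile) !== false) {
        die('This file can not be used on its own!');
    }
}

// What languages/english.php effectively does at load time for entry 92.
// The anchor is built inline here instead of via COM_createLink(), and the
// value is used unescaped, as the quoted check-in does.
function buildLangArray(array $conf): array
{
    return [
        91 => 'You specified an invalid identity URL.',
        92 => 'Please <a href="' . $conf['site_admin_url'] . '/sectest.php">'
            . 'check the security of your site</a> before using it!',
    ];
}

// Simulate register_globals for the request in the thread (constructed input):
// GET /geeklog/languages/english.php?_CONF[site_admin_url]=http://evil.com
$query = '_CONF[site_admin_url]=http://evil.com';
parse_str($query, $fromRequest);   // ['_CONF' => ['site_admin_url' => 'http://evil.com']]
extract($fromRequest);             // register_globals: $_CONF now comes from the URL

// Unguarded file: the request-supplied host ends up inside the generated markup.
$lang = buildLangArray($_CONF);
echo "unguarded: ", $lang[92], "\n";

// Guarded file: same request, but the file refuses to run as a URL target,
// so the array (and the link built from $_CONF) is never evaluated.
rejectDirectAccess('/geeklog/languages/english.php', 'english.php');
echo "not reached\n";
```

Run from the command line it prints the unguarded entry 92 pointing at http://evil.com/sectest.php, then the die() message from the guard; when the same file is included from index.php, $_SERVER['PHP_SELF'] names index.php and the guard lets it through.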



