[geeklog-devel] 1.5 Installer stuff

Joe Mucchiello joe at ThrowingDice.com
Thu Oct 11 22:57:04 EDT 2007


Do you remember this check-in a couple days ago? Language files
sometimes execute code. And thus are vulnerable when register_globals
is on (and the language directory is in the webroot).

--- 1162,1167 ----
89 => 'Unable to find an OpenID server for the given identity URL.',
90 => 'OpenID identification cancelled.',
! 91 => 'You specified an invalid identity URL.',
! 92 => 'Please ' . COM_createLink('check the security of your
site', $_CONF['site_admin_url'] . '/sectest.php') . ' before using it!'
);
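Review bot: the new entry 92 makes the language file evaluate code at load time: it calls COM_createLink() and reads $_CONF['site_admin_url'] while the array of strings is being built, so the file now depends on runtime state that is only trustworthy when it is included from a real entry point. When the file is requested directly with register_globals on, $_CONF comes from the query string (the example URL below shows exactly that). Either put the direct-access guard quoted later in this thread (the strpos($_SERVER['PHP_SELF'], ...) / die() check) at the top of the language file, or keep entry 92 a plain string with a placeholder and build the link in the code that displays the message.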

Example:
http://example.com/geeklog/languages/english.php?_CONF[site_admin_url]=http://evil.com

Joe

At 10:45 PM 10/11/2007, Oliver Spiesshofer wrote:

>I always assumed that this problem is only there with files that
>have actual code in them and not only variables.
>Given that this file has some system variables it might be a problem
>here, but I am not sure with the language files.
>
>Oliver
>
>Joe Mucchiello wrote:
>>There's a bunch of security vulnerabilities from older versions of
>>Geeklog where you could take over the site using php files that are
>>not intended as URL targets combined with register_globals on. So
>>yeah, the language files should also probably have them too.
>>
>>At 09:45 PM 10/11/2007, Oliver Spiesshofer wrote:
>>>Oliver Spiesshofer wrote:
>>>>Joe Mucchiello wrote:
>>>>>I put a / in the database prefix (by mistake) and received a
>>>>>cryptic database error. That field should be validated.
>>>>>
>>>>>siteconfig.php needs the
>>>>>
>>>>>if (strpos ($_SERVER['PHP_SELF'], 'siteconfig.php') !== false) {
>>>>>    die ('This file can not be used on its own!');
>>>>>}
>>>>>
>>>>>or a
>>>>>
>>>>>    header('location: index.php');
>>>>noted.
>>>taking a look at it now.... why? Should we do it with all the
>>>language files then also?
>>>
>>>Oliver

>>>_______________________________________________
>>>geeklog-devel mailing list
>>>geeklog-devel at lists.geeklog.net
>>>http://eight.pairlist.net/mailman/listinfo/geeklog-devel


----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com
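The two defenses discussed in this thread, as an added example that is not Geeklog's own code: the direct-access guard for include-only files (siteconfig.php, language files) and a reset of $_CONF so that values register_globals injected from the query string cannot reach strings built at load time. GL_ENTRY is a hypothetical constant I assume the real entry point (index.php) would define before including anything; the request values are constructed.

```php
<?php
// Added example, not Geeklog's code. Shows the include-only guard from the
// thread and a $_CONF reset that discards register_globals input.

// True when an include-only file should refuse to run: it was requested
// directly (the PHP_SELF test quoted in the thread) or nothing marked the
// request as having come through an entry point (GL_ENTRY, assumed here).
function gl_is_direct_access($php_self, $file_name, $entry_defined)
{
    return strpos($php_self, $file_name) !== false || !$entry_defined;
}

// Build $_CONF from the config file's values only. Starting from an empty
// array drops any $_CONF[...] key that register_globals pre-populated from
// the query string, so only keys the config actually sets survive.
function gl_load_conf(array $config_values)
{
    $conf = array();
    foreach ($config_values as $key => $value) {
        $conf[$key] = $value;
    }
    return $conf;
}

// Constructed requests: one through index.php, one hitting the language
// file directly as in the example URL in this mail.
$cases = array(
    'via index.php'       => array('/geeklog/index.php', true),
    'direct english.php'  => array('/geeklog/languages/english.php', false),
);
foreach ($cases as $label => $case) {
    list($php_self, $entry_defined) = $case;
    $refused = gl_is_direct_access($php_self, 'english.php', $entry_defined);
    echo $label, ': ', ($refused ? 'refused' : 'allowed'), "\n";
}

// Simulate register_globals having set $_CONF from the query string, then
// rebuild it from config so the load-time string uses the configured URL.
$_CONF = array('site_admin_url' => 'http://evil.example/injected');
$_CONF = gl_load_conf(array('site_admin_url' => 'https://example.com/geeklog/admin'));
echo 'Please check the security of your site: ',
     $_CONF['site_admin_url'], '/sectest.php', "\n";
```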



