[geeklog-users] Geeklog/Gallery vulnerability

Dirk Haun dirk at haun-online.de
Tue Dec 9 17:32:34 EST 2003


Jason,

>This article worries me a bit:
>http://www.securityfocus.com/guest/24043
[...]
>The vulnerability discussed allowed me to write arbitrary data to the 
>server's hard disk, run all kinds of shell commands, and get the output 
>back in my browser.  Worrying to be sure.

Hmm, I've only skimmed the article yet but my first impression was that
it a) was "only" a problem of the Geeklog/Gallery integration (not of
Geeklog itself) and b) was "only" used to send spam.

I must have missed the bit about writing to the server's hard disk, but I
don't really have the time now to look into it. Can someone confirm if
this is "only" a problem with the Gallery integration?

bye, Dirk


-- 
http://www.haun-online.de/
http://www.tinyweb.de/



