[geeklog-users] Geeklog/Gallery vulnerability

Tony Bibbs tony at tonybibbs.com
Tue Dec 9 23:07:37 EST 2003


Correct, it is only with that plugin. Read this:

http://www.geeklog.net/article.php?story=2003120922482655

--Tony

Dirk Haun wrote:

> Jason,
> 
> 
>>This article worries me a bit:
>>http://www.securityfocus.com/guest/24043
> 
> [...]
> 
>>The vulnerability discussed allowed me to write arbitrary data to the 
>>server's hard disk, run all kinds of shell commands, and get the output 
>>back in my browser.  Worrying to be sure.
> 
> 
> Hmm, I've only skimmed the article yet but my first impression was that
> it a) was "only" a problem of the Geeklog/Gallery integration (not of
> Geeklog itself) and b) was "only" used to send spam.
> 
> I must have missed the bit about writing to the server's hard disk, but I
> don't really have the time now to look into it. Can someone confirm if
> this is "only" a problem with the Gallery integration?
> 
> bye, Dirk
> 
> 


-- 
+-------------------+--------------------------------------------------+
|Tony Bibbs         |[R]egardless of what you may think of our penal   |
|tony at tonybibbs.com |system, the fact is that every man in jail is one |
|                   |less potential fisherman to clutter up your       |
|                   |favorite pool or pond. --Ed Zern                  |
+-------------------+--------------------------------------------------+



