[geeklog-users] Geeklog/Gallery vulnerability

Jason Signalness jason at btiadmin.net
Tue Dec 9 23:33:47 EST 2003


Thanks Tony.

Tony Bibbs wrote:

> Correct, it is only with that plugin. Read this:
>
> http://www.geeklog.net/article.php?story=2003120922482655
>
> --Tony
>
> Dirk Haun wrote:
>
>> Jason,
>>
>>
>>> This article worries me a bit:
>>> http://www.securityfocus.com/guest/24043
>>
>>
>> [...]
>>
>>> The vulnerability discussed allowed me to write arbitrary data to the
>>> server's hard disk, run all kinds of shell commands, and get the
>>> output back in my browser.  Worrying to be sure.
>>
>>
>>
>> Hmm, I've only skimmed the article yet but my first impression was that
>> it a) was "only" a problem of the Geeklog/Gallery integration (not of
>> Geeklog itself) and b) was "only" used to send spam.
>>
>> I must have missed the bit about writing to the server's hard disk,
>> but I don't really have the time now to look into it. Can someone
>> confirm if this is "only" a problem with the Gallery integration?
>>
>> bye, Dirk
>>
>>
>
>




