Dnia sobota, 15 kwietnia 2006 07:26, addmimistrator@xxxxxxxxx napisał: > ORIGINAL ADVISORY: > http://myimei.com/security/2006-04-14/copperminephotogallery144-plugininclu >sionsystemindexphp-remotefileinclusion-attack.html ——————-Summary—————- > Software: CPG Coppermine Photo Gallery > Sowtware’s Web Site: http://coppermine.sourceforge.net/ > Versions: 1.4.4.stable > Class: Remote > Status: Unpatched > Exploit: Available > Solution: Available > Discovered by: imei addmimistrator > Risk Level: High > > SEE ORIGINAL ADV FOR MORE INFO! Quick fix: change following lines in index.php: [SNIP] $file = str_replace('//','',str_replace('..','',$_GET['file'])); [/SNIP] to: [SNIP] $file = str_replace('..','',$_GET['file']); [/SNIP] -- Pozdrawiam, Dariusz Kolasinski <Linux Administrator>
