Welcome to Geeklog, Anonymous Tuesday, April 16 2024 @ 02:50 pm EDT

Security Vulnerability in Media Gallery v1.4x

Tuesday, May 15 2007 @ 09:53 am EDT
Contributed by: mevans
Views: 8,119

A security vulnerability has been identified in Media Gallery affecting all of the v1.4 releases. This vulnerability could allow properly crafted URLs to load files onto your web server and potentially overwrite existing files. Media Gallery v1.4.8b has been released to address this vulnerability and should be upgraded immediately! My thanks to Max for reporting this issue this morning and providing the relevant site logs to validate the vulnerability.

If you do not want to upgrade to the latest version of Media Gallery, you should apply the following patch:

Edit mediagallery/maint/ftpmedia.php

Near the top, immediately before the following line:

require_once($_MG_CONF['path_html'] . 'lib-batch.php');

Add the following code:

// this file can't be used on its own
if (strpos ($_SERVER['PHP_SELF'], 'ftpmedia.php') !== false)
{
    die ('This file can not be used on its own.');
}

Save ftpmedia.php. This should resolve the issue.

For more information on other enhancements and fixes to Media Gallery v1.4.8b, please see www.gllabs.org.

Thanks!
Mark

Comments

Security Vulnerability in Media Gallery v1.4x | 4 comments | Create New Account

The following comments are owned by whomever posted them. This site is not responsible for what they say.

Security Vulnerability in Media Gallery v1.4x

Authored by: amckay on Thursday, June 14 2007 @ 11:18 am EDT

One of my sites just got hacked using the cmdx.php program inside the "maint" directory.

Simply FYI.

I can send you apache logs if interested. Contact me in email : alan(dot)mckay(thatfunnysign)gmail(dotheretoo)com

Security Vulnerability in Media Gallery v1.4x

Authored by: amckay on Thursday, June 14 2007 @ 01:23 pm EDT

aha, in closer examination of the logs I see that 'cmdx.php' is something the hacker installed by means of your FTP program. Scary stuff. This cmdx.php thing has allowed him to execute all sorts of commands on my server. Full directory listings. Deleting files, etc.

Security Vulnerability in Media Gallery v1.4x

Authored by: mevans on Thursday, June 14 2007 @ 04:09 pm EDT

Just to confirm, this was caused by the original vulnerability in the ftpmedia.php file, not a new issue?

---
gl Labs - extending Geeklog through plugins - www.gllabs.org

Security Vulnerability in Media Gallery v1.4x

Authored by: richardpitt on Monday, October 22 2007 @ 09:23 pm EDT

One of my sites - with MG 1.5.0 got hacked on Oct 10, 2007 at about 10PM Eastern.

In my logs I have record of attempts for the previous version back in May 2007 and this one looks similar - they added a link to a bogus firefox download to the footer.thtml file in my geeklog

Warning: Javascript required to enable functionality

Security Vulnerability in Media Gallery v1.4x

Search

Resources

About

Getting started

Support

Development

Topics

User Functions

What's New

Articles last 4 weeks

Comments last 4 weeks

Pages last 4 weeks

Links last 4 weeks

Downloads last 4 weeks