Topics

User Functions

Events

There are no upcoming events

What's New

Stories last 2 weeks

No new stories

Comments last 2 weeks

Trackbacks last 2 weeks

No new trackback comments

Links last 2 weeks

No recent new links

Downloads last 2 weeks

No new files

Welcome to Geeklog Wednesday, August 31 2016 @ 05:42 pm EDT

 Forum Index > Development & Coding > Geeklog New Topic Post Reply
 Exploit published on milw0rm for
Prev Topic Next Topic
   
Anonymous: tito
 25/08/2008 12:42pm (Read 2017 times)  
Hi, i've seen this post today, and i don't find any subject on forum... For information :

http://www.milw0rm.com/exploits/6306

++tito;
 
 Quote
Dirk
 25/08/2008 12:58pm  

Admin

Status: offline
Site Admin

Registered: 12/01/2002
Posts: 13073
Location:Stuttgart, Germany
Patience, please - I've only seen this a couple of minutes ago myself.

At first glance, this seems to rely on certain versions of FCKeditor. The URL used in that script doesn't exist in Geeklog 1.5.0, so at least for 1.5.0 this doesn't work.

More later ...

bye, Dirk
 
Profile Email Website
 Quote
Yeraze
 25/08/2008 02:47pm  

Newbie

Status: offline
Forum User

Registered: 19/02/2006
Posts: 10
The file _does_ exist on my install.. I had 1.4 previously and upgraded. While the file doesn't exist in a 1.5 clean, it does existin a 1.4 upgrade it seems.

I simply erased my entire fckeditor directory and copied it from the 1.5 public_html again, so I'm hoping I'm patched now.
 
Profile Email Website
 Quote
Dirk
 25/08/2008 03:00pm  

Admin

Status: offline
Site Admin

Registered: 12/01/2002
Posts: 13073
Location:Stuttgart, Germany
When upgrading, the recommendation is to remove all the old files first - exactly for cases like this, where the file was removed from newer versions.

In 1.5.0, there's an upload script (within FCKeditor) in a different location. So I guess in theory this should also work on 1.5.0 if you changed the URL.

I say in theory because I couldn't get it to work, neither with 1.4.1 nor 1.5.0.

For the moment, though, it probably can't hurt to disable the upload in FCKeditor entirely - or remove the public "fckeditor" directory.

On 1.4.1, edit public_html/fckeditor/editor/filemanager/upload/php/config.php
On 1.5.0, edit public_html/fckeditor/editor/filemanager/connectors/php/config.php

In both cases, find the line that reads
PHP Formatted Code
$Config['Enabled'] = true ;
and change it to read
PHP Formatted Code
$Config['Enabled'] = false;


Note: Since this exploit does try to access FCKeditor directly, it won't matter if you have the "Advanced Editor" enabled in Geeklog or not. Do the above in any case.

We're still looking into the issue and let you know when we find anything.

Anyone wanting to provide more information, please do so at our security contact address. Thanks.

bye, Dirk
 
Profile Email Website
 Quote
Anonymous: RichardBKK
 25/08/2008 10:47pm  
The temp solution is pretty simple, disable advanced editor and change permission to the fckeditor folder....

I'm sure that Dirk and other members of Geeklog will come up with a more permanent solution...

Richard
 
 Quote
DubiousChrisJ
 26/08/2008 12:01am  

Regular Poster

Status: offline
Forum User

Registered: 10/05/2005
Posts: 114
How easy it is depends on how many instances of GL you have running...I sincerely hope I don't have to go chase through every installation looking for that. I tried to update to 1.5 previously, and couldn't get the upgrade to work, so rolled back. I'll be watching anxiously... :pray:

Luhme summa dat GL.
 
Profile Email Website
 Quote
gulftech
 26/08/2008 08:09am  

Newbie

Status: offline
Forum User

Registered: 17/02/2006
Posts: 1
Location:Mississippi
One thing I do see is that the extensions seem to be filtered, so as far as I can tell this can't be used to upload "illegal" file types. However, I m saying this by just looking at the code, I haven't tested the filetypes yet.

Edit: Edited the post containing 1.5 path info since i now see dirk already posted it on page 1.
 
Profile Email Website
 Quote
Content generated in: 1.83 seconds New Topic Post Reply
 All times are EDT. The time is now 05:42 pm.
Normal Topic Normal Topic
Sticky Topic Sticky Topic
Locked Topic Locked Topic
New Post New Post
Sticky Topic W/ New Post Sticky Topic W/ New Post
Locked Topic W/ New Post Locked Topic W/ New Post
View Anonymous Posts 
Able to post 
Filtered HTML Allowed 
Censored Content