Running gallery?
error
error at sonic.net
Mon Feb 10 10:29:21 PST 2003
So yesterday I was installing gallery and I found a huge security hole.
The entire gallery.sf.net project has a really bad security model.
I made a really fast boring advisory here:
http://online.securityfocus.com/archive/1/311161/2003-02-07/2003-02-13/0
No exploit code provided but since you can just do this:
#!/bin/bash
cp mydir /var/www/albums/
cp .htaccess /var/www/albums/
It's not that hard to do ;-)
With that said, it really only matters if you use a multi-user system without a chrooted Apache setup.
--
error <error at sonic.net>
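
A defender-side check for the condition described above, added here as an example (it is not from the original post or the Gallery project). The `cp` commands in the post only succeed if the albums directory is writable by the local account running them, so this audit reports world-writable directories, `.htaccess` files, and entries not owned by the expected account. The function name `audit_albums`, the finding labels, and both arguments are hypothetical choices made for this example.

```shell
#!/bin/bash
# Added example: audit a Gallery albums directory on a shared host.
# Assumptions (not from the post): the caller passes the albums path and
# the user name or numeric UID that is supposed to own everything in it.

# Prints one finding per line. Returns 0 when clean, 1 when anything is found.
audit_albums() {
    aa_dir=$1
    aa_owner=$2
    aa_findings=$(
        # Directories that any local account can create files in.
        find "$aa_dir" -type d -perm -0002 -print | sed 's/^/WORLD_WRITABLE_DIR /'
        # .htaccess files change how Apache serves the directory; list all
        # of them so an unexpected one stands out.
        find "$aa_dir" -name .htaccess -print | sed 's/^/HTACCESS /'
        # Anything not owned by the expected account was put there by
        # some other local user.
        find "$aa_dir" ! -user "$aa_owner" -print | sed 's/^/FOREIGN_OWNER /'
    )
    if [ -z "$aa_findings" ]; then
        return 0
    fi
    printf '%s\n' "$aa_findings"
    return 1
}

# Stand-alone use: ./audit.sh /var/www/albums <expected-owner>
if [ "$#" -ge 2 ]; then
    audit_albums "$1" "$2"
fi
```

Any `WORLD_WRITABLE_DIR` line for the albums root means other local accounts can place content under the web server's document tree.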