Koozali.org: home of the SME Server
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. General Discussion (Legacy)
  4. Topic: Gallery exploit
« previous next »
Pages: [1]   Go Down

Gallery exploit

  • 5 Replies
  • 766 Views

Allen Rapini

Gallery exploit
« on: August 02, 2002, 07:08:26 AM »
This is NOT an e-smith bug, but there is a recently reported flaw in the Gallery .php scripting that can result in what seems to be a serious exploit. Info, and several different types of fixes for it are availible at the below link. They only take a minute to apply.

http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&mode=thread&order=0&thold=0

The above link is all one line, but I never know how they will actually display when posted. If you like you can just go to http://gallery.menalto.com and see the front page for more info.
Logged

Michael Smith

Re: Gallery exploit
« Reply #1 on: August 06, 2002, 07:40:50 PM »
A big THANK YOU for pointing this out!  I'd've not gotten around to looking at Gallery for awhile as I'd recently updated to 1.3 and was quite happy.  Nice work!
Logged

Dan Brown

Re: Gallery exploit
« Reply #2 on: August 09, 2002, 05:45:26 AM »
Thanks for the pointer--I've updated my HOWTO to refer to version 1.3.1 of Gallery, which is supposed to fix this hole.
Logged

JL

Re: Gallery exploit
« Reply #3 on: August 31, 2002, 06:59:17 PM »
Dan,
As always, thanks for your How-To's. Figured I'd go whole hog and clean install sme 5.5 and gallery 1.3.1 .

Item of interest... gallery 1.3.1 does not work with SME 5.5. Images dont get displayed. they seem to get generated OK ( looking at the status sheet during file import ). For some reason thumbs and gallery images only display as a black box.

Still looking into this isuue :) Hope to find it soon.
Logged

Dan Brown

Re: Gallery exploit
« Reply #4 on: September 01, 2002, 11:15:41 PM »
JL, I think I've got it taken care of, though all I've done is update the required RPMs.  Take a look at http://www.familybrown.org/howtos/gallery-howto-sme55.html and let me know how to get on.
Logged

JL

Re: Gallery exploit
« Reply #5 on: September 02, 2002, 07:13:57 PM »
I found out that "your" gallery conflicts with myPHPnuke's egallery :)
Neither one worked... so I backed out "your" gallery and all of a sudden myPHPnuke's egallery started working again. T'was a weird thing %-). So... off to prove my point, i reinstalled from scratch, three times,  installed myPHPnuke and found it's egallery to work fine. Installed gallery 1.3.1 per your new and old instructions, and both went to @#$%.
Looks like something to do with the gallery package and not jhead or the 3rpm's you called out.

Thanks for the help and quick response! As always, I appreciate your work. Have a virtual beer on me :)
Logged
Pages: [1]   Go Up
« previous next »
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. General Discussion (Legacy)
  4. Topic: Gallery exploit