Php photo gallery TWG | JFUploader | TWG Flash upload | WFU | Forum

Get help for TinyWebGallery, the best image gallery. The forum is also home for the Joomla JFUploader, TWG Flash Uploader and the Wordpress flash uploader.
It is currently 24. Nov 2024, 16:16

This forum is readonly now. Please use the new forum if you don't find the answer to your question here. The new forum is at https://www.tinywebgallery.com/blog/forum/


All times are UTC + 1 hour [ DST ]




Post new topic Reply to topic  [ 5 posts ] 
Author Message
PostPosted: 4. Feb 2011, 05:58 
Offline

Joined: 15. May 2009, 19:07
Posts: 3
I began having trouble with an installation of TWG183 -If I tried to make any configuration changes in the admin area, the gallery would stop working with public messages that that no albums existed. In fact, all graphics associated with twg were no longer available as if the installation path was incorrect. In the admin area everything is looks fine.
The other thing that was happening was that a pop-under ad would be displayed when this occured.

I figured I had be hacked somehow so, I deleted the installation and uploaded a new one. After entering the admin area I looked at the installation check info and found that session.save_path is suddenly "Not available" on my shared server (IXWebhosting). Now curious as to why this might be, I performed a search and found the following exploit post -

http://securityreason.com/expldownload/1/9885/1 (full post is below)

Now, I have known IXWebhosting to block exploited scripts without saying anything and perhaps that is what has happened here. They disabled session.save_path in the php.ini because of the exploit. I still have not heard back yet.

So is this a problem that needs to be fixed with TWG 183? If so, is there an update already?

Thank you
Ken



START CONTENTS OF POST
# Exploit Title: TinyWebGallery v 1.8.3 Remote file include vulnerbility
# Google Dork: Photo Gallery powered by TinyWebGallery 1.8.3
# Date: 26/1/2011
# Author: DIES3L
# Software Link: http://www.tinywebgallery.com
# Version: v 1.8.3
# Tested on: ubuntu + win7
# Email : zxn@Hotmail.com
#######################################################
Fichier : i_basic.inc.php
http://localhost/[path]/i_frames/i_basic.inc.php

Code :
<?php
include '../config.php';

$basedir_save = $basedir;
?>

Exploit :
http://127.0.0.1/[path]/i_frames/i_basic.inc.php?basedir_save= [ Shell.txt ]

Enjoy :)

##########################################################
#
Greetz To : #
RoMaNcYxHaCkEr - saudi0hacker - aB0-3tH4b T3rR0r - TakEr #
#
##########################################################
END CONTENTS OF POST


Top
 Profile  
 
PostPosted: 4. Feb 2011, 10:17 
Offline
Site Admin
User avatar

Joined: 1. Aug 2005, 12:53
Posts: 11232
This a false alarm
http://www.tinywebgallery.com/demo/i_fr ... ic.inc.php
cannot be called directly as you can see

and
<?php
include '../config.php';

$basedir_save = $basedir;
?>

is not the code which is in this file!!!

it starts with

<?php
defined( '_VALID_TWG' ) or die( 'Direct Access to this location is not allowed.' );

and therefore cannot be used directly.

I have already contacted the website to remove this false alarm.

there is another exploit (http://securityreason.com/exploitalert/9911) which is already fixed in 1.8.4.
But this was only possible if you are logged in!! This exploit does NOT work without a logged in user!

Have you checked your log file about the attack? If not you actually don't know what was the problem.

Best,
Michael


Top
 Profile  
 
PostPosted: 4. Feb 2011, 16:04 
Offline

Joined: 15. May 2009, 19:07
Posts: 3
Thanks - I will check further


Top
 Profile  
 
PostPosted: 4. Feb 2011, 17:45 
Offline

Joined: 15. May 2009, 19:07
Posts: 3
What are the consequences to the photo gallery if session.save_path is not available?


Top
 Profile  
 
PostPosted: 4. Feb 2011, 18:00 
Offline
Site Admin
User avatar

Joined: 1. Aug 2005, 12:53
Posts: 11232
You are not able to login and the caching does not work.

- Michael


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC + 1 hour [ DST ]


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
cron
powered by phpbb | Datenschutz/ Privacy policy