[VIM] 4images v1.7.7 Remote Command Execution Vulnerability
George A. Theall
theall at tenable.com
Mon Jul 26 21:04:02 CDT 2010
Exploit DB #14478 looks bogus -- here's a slightly larger snippet of
the affected file from version 1.7.7:
----- snip, snip, snip -----
<?php
/**************************************************************************
 *                                                                        *
 *   4images - A Web Based Image Gallery Management System                *
 *   ----------------------------------------------------------------     *
 *                                                                        *
 *             File: image_utils.php                                      *
 *        Copyright: (C) 2002-2009 Jan Sorgalla                           *
 *            Email: jan at 4homepages.de                                 *
 *              Web: http://www.4homepages.de                             *
 *    Scriptversion: 1.7.7                                                *
 *                                                                        *
 *   Never released without support from: Nicky (http://www.nicky.net)    *
 *                                                                        *
 **************************************************************************
 *                                                                        *
 *   This script is NOT freeware. Please read the licence terms           *
 *   (Lizenz.txt) for further information.                                *
 *   ---------------------------------------------------------------      *
 *   This script is NOT freeware! Please read the Copyright Notice        *
 *   (Licence.txt) for further information.                               *
 *                                                                        *
 *************************************************************************/
if (!defined('ROOT_PATH')) {
  die("Security violation");
}
...
function resize_image_im($src, $dest, $quality, $width, $height, $image_info) {
  global $convert_options;
  $command = $convert_options['convert_path']." -quality ".$quality." -antialias -geometry $width"."x"."$height -profile '*' -unsharp 0.5x1 \"$src\" \"$dest\"";
  system($command);
  return (file_exists($dest)) ? 1 : 0;
}
----- snip, snip, snip -----
George
--
theall at tenablesecurity.com
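The resize_image_im() function quoted above builds its shell command by interpolating the three numeric parameters and both file paths into a string that goes straight to system(). Whether the Exploit DB entry's access path to that function is real is a separate question; the string construction itself is unsafe wherever a caller hands it attacker-influenced values. What follows is an added example, not code from 4images or from the message above: it rebuilds the command string the way the quoted function does (with system() swapped for a return so nothing runs) and sets it beside a hardened form that forces the numeric parameters to integers and wraps the paths in escapeshellarg(). The convert path, the sample file paths and the dropped, unused $image_info parameter are assumptions made for illustration; no external program is executed.

```php
<?php
// Added example; not 4images code and not part of the VIM post. It compares
// the command string resize_image_im() in image_utils.php builds with a
// hardened construction. The convert path below is assumed.
$convert_options = array('convert_path' => '/usr/bin/convert');

// Mirrors the quoted function's string building, but returns the command
// instead of passing it to system(), so it can be inspected safely.
function build_command_original($src, $dest, $quality, $width, $height) {
    global $convert_options;
    $command = $convert_options['convert_path']." -quality ".$quality.
        " -antialias -geometry $width"."x"."$height".
        " -profile '*' -unsharp 0.5x1 \"$src\" \"$dest\"";
    return $command;
}

// Hardened construction: quality/width/height are forced to integers and
// range-checked, and every path is passed through escapeshellarg(), so a
// path containing quotes, semicolons or backticks reaches convert as one
// literal argument instead of being parsed by /bin/sh.
function build_command_hardened($src, $dest, $quality, $width, $height) {
    global $convert_options;
    $quality = (int)$quality;
    $width   = (int)$width;
    $height  = (int)$height;
    if ($quality < 1 || $quality > 100 || $width < 1 || $height < 1) {
        throw new InvalidArgumentException('resize parameters out of range');
    }
    return escapeshellarg($convert_options['convert_path'])
        . ' -quality ' . $quality
        . ' -antialias -geometry ' . $width . 'x' . $height
        . " -profile '*' -unsharp 0.5x1 "
        . escapeshellarg($src) . ' ' . escapeshellarg($dest);
}

// Constructed sample input (not taken from any real install): a destination
// path that closes the double-quoted argument and appends a second command.
$src  = '/var/www/4images/data/media/1/photo.jpg';
$dest = '/var/www/4images/data/thumbnails/1/photo.jpg"; id > /tmp/pwned; echo "';

echo "original : ", build_command_original($src, $dest, 90, 100, 100), "\n";
echo "hardened : ", build_command_hardened($src, $dest, 90, 100, 100), "\n";
```

Run with the PHP CLI and compare the two lines: in the original form the injected `; id > /tmp/pwned;` sits outside the double quotes and would be executed by the shell system() spawns, while the hardened form keeps the whole path inside a single-quoted argument. The (int) casts matter as much as the quoting, since $quality, $width and $height are interpolated bare and would otherwise need no quote-breaking at all.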