Category:   Application (Forum/Board/Portal)  >   Geeklog
Vendors:   Geeklog
Geeklog Default Installation Lets Remote Users Access the Installation Script
SecurityTracker Alert ID:  1010948
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH
Updated:  Aug 13 2004
Original Entry Date:  Aug 13 2004
Impact:   Disclosure of user information, Modification of user information
Exploit Included:  Yes  
Version(s): 1.39, possibly others
Description:   Security .Net Information (snilabs) reported a vulnerability in Geeklog. The installation software leaves the 'install' file in the 'admin' directory, which is accessible to remote users.

It is reported that a remote user can invoke the installation script with the following type of URLs:


Impact:   A remote user can run the installation script.
Solution:   No solution was available at the time of this entry.

The report indicates that you should delete the script after the installation.

Vendor URL:
Cause:   Configuration error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.

 Source Message Contents

Subject:  Geeklog Default Installation May Disclose Installation Files to Remote Users

Security .Net Information (snilabs) Advisory:

A bug has been encountered in Geeklog 1.39, possibly other versions. Default
Installation May Disclose Installation Files to Remote Users, exactly
in the install script located in /admin/install.

A remote user can execute the install script with admin permissions; the
directory containing the installation script is accessible to remote
users. The script itself can be executed.

example : xploit:


Delete the script after the installation.

Greetz: friends #reflux

snilabs: #sni-labs

 --  #sni-labs  #reflux
Security .Net Information
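
To check whether a leftover installer under /admin/install was ever reached, a site operator can scan the web server access log for requests to that path. The following is an added example, not part of the advisory or of Geeklog; it assumes Combined Log Format, and the sample log lines and file names in it are constructed.

```python
import posixpath
import re
from urllib.parse import unquote

# Combined Log Format: host ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Assumption: the installer is an entry named "install" (a file with any
# extension, or a directory) directly under an "admin" directory.
INSTALL_RE = re.compile(r'(?:^|/)admin/install(?:\.[^/]*)?(?:/|$)', re.I)

def normalize(target):
    """Drop the query string, percent-decode, and collapse //, /./ and /../."""
    path = unquote(target.split('?', 1)[0]).replace('\\', '/')
    return posixpath.normpath('/' + path.lstrip('/'))

def installer_hits(lines):
    """Return one dict per logged request whose path is the installer."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        host, method, target, status = m.groups()
        path = normalize(target)
        if INSTALL_RE.search(path):
            hits.append({'host': host, 'method': method, 'path': path,
                         # 2xx means the web server still serves the installer
                         'served': 200 <= int(status) < 300})
    return hits

# Constructed sample log (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Aug/2004:10:01:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [13/Aug/2004:10:02:11 +0000] "GET /admin/install/ HTTP/1.1" 200 2048 "-" "-"',
    '198.51.100.7 - - [13/Aug/2004:10:02:15 +0000] "POST /geeklog/admin//%49nstall.php?a=b HTTP/1.1" 200 900 "-" "-"',
    '203.0.113.5 - - [13/Aug/2004:10:05:00 +0000] "GET /admin/install.php HTTP/1.1" 404 210 "-" "-"',
    '192.0.2.10 - - [13/Aug/2004:10:06:00 +0000] "GET /admin/installer-notes.html HTTP/1.1" 200 100 "-" "-"',
]

if __name__ == '__main__':
    for hit in installer_hits(SAMPLE_LOG):
        state = 'SERVED' if hit['served'] else 'not served'
        print(f"{hit['host']} {hit['method']} {hit['path']} -> {state}")
```

A hit marked as served means the installer was still present when the request arrived; hits that were not served (for example 404) show probing after the script was removed.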


Copyright 2019, LLC