
Security hole in editconfig_gedcom.php

furtive
2013-04-30
2013-05-30
  • furtive
    2013-04-30

    There seems to be a security hole in function move_uploaded_file in editconfig_gedcom.php. Someone (who does not have an account) has been trying to exploit it on my site by uploading dodgy files and moving them using this script. Log files from my server below.

    Is this something I can fix or is this a security bug in the code?

    [root@190887 ~]# grep /tmp/php /var/www/vhosts/*/statistics/logs/error_log
    /var/www/vhosts/mydomain.co.uk/statistics/logs/error_log:[Sat Sep 22 08:50:55 2012] [error] PHP Warning:  move_uploaded_file() [<a href='function.move-uploaded-file'>function.move-uploaded-file</a>]: Unable to move '/tmp/phpZjJDNl' to './index/GED.ged' in /var/www/vhosts/mydomain.co.uk/httpdocs/familyhistory/editconfig_gedcom.php on line 126, referer: http://www.mydomain.co.uk/familyhistory/editconfig_gedcom.php?source=replace_form&path=./index/GED.GED&oldged=
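As an added example (not code from this thread or from PhpGedView), a small Python scan of Apache error_log lines of the shape quoted above: it parses each move_uploaded_file() warning, pulls the client-supplied `path` parameter out of the referer, and flags destinations that contain traversal, leave the upload directory, or do not end in `.ged`. The sample lines are constructed (hostnames and temp-file names are placeholders), and the `./index/` upload directory and the flag rules are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit
# Shape of the Apache error_log line quoted in the post: a PHP warning from
# move_uploaded_file() naming the temp file, the destination and the referer.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] PHP Warning:\s+move_uploaded_file\(\).*?"
    r"Unable to move '(?P<src>[^']+)' to '(?P<dst>[^']+)' in (?P<script>\S+) "
    r"on line (?P<line>\d+)(?:, referer: (?P<referer>\S+))?"
)

def parse_line(line):
    """Return the fields of one move_uploaded_file() warning, or None."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ev = m.groupdict()
    ev["line"] = int(ev["line"])
    # The referer carries the request parameters; 'path' is the client-chosen
    # destination, which is why every such warning deserves a look.
    query = urlsplit(ev["referer"]).query if ev["referer"] else ""
    ev["client_path"] = parse_qs(query).get("path", [None])[0]
    return ev

def flag_event(ev, upload_dir="./index/", allowed_ext=(".ged",)):
    # Reasons to escalate; an empty list means a plain GEDCOM replace.
    reasons = []
    dst = ev["dst"]
    if ".." in dst.split("/"):
        reasons.append("traversal in destination")
    if not dst.startswith(upload_dir):
        reasons.append("destination outside upload dir")
    if not dst.lower().endswith(allowed_ext):
        reasons.append("extension not allowed")
    return reasons

def scan(log_text):
    # Parse every move_uploaded_file() warning and attach its flags.
    events = []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is not None:
            ev["flags"] = flag_event(ev)
            events.append(ev)
    return events

# Constructed sample: line 1 mirrors the post's entry (host replaced by a placeholder), line 2 is a made-up variant with traversal and a non-GEDCOM name, line 3 is noise.
SAMPLE_LOG = """\
[Sat Sep 22 08:50:55 2012] [error] PHP Warning:  move_uploaded_file() [<a href='function.move-uploaded-file'>function.move-uploaded-file</a>]: Unable to move '/tmp/phpZjJDNl' to './index/GED.ged' in /var/www/vhosts/example.invalid/httpdocs/familyhistory/editconfig_gedcom.php on line 126, referer: http://www.example.invalid/familyhistory/editconfig_gedcom.php?source=replace_form&path=./index/GED.GED&oldged=
[Sat Sep 22 08:51:10 2012] [error] PHP Warning:  move_uploaded_file() [<a href='function.move-uploaded-file'>function.move-uploaded-file</a>]: Unable to move '/tmp/phpAbCdEf' to './index/../upload.txt' in /var/www/vhosts/example.invalid/httpdocs/familyhistory/editconfig_gedcom.php on line 126, referer: http://www.example.invalid/familyhistory/editconfig_gedcom.php?source=replace_form&path=./index/../upload.txt&oldged=
[Sat Sep 22 08:52:00 2012] [notice] unrelated entry that must be ignored
"""
```

Run `scan(SAMPLE_LOG)` over a real error_log instead of the sample to list every reached move_uploaded_file() call together with the path the client asked for.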
  • Stephen Arnold
    2013-04-30

    Switch to webtrees.

  • Gerry Kroll
    2013-05-01

    You need to be logged in with Admin rights before editconfig_gedcom.php will run.

    The line number reported in your log file extract does not match the location of the function call in the current version of editconfig_gedcom.php. You're clearly not running with the "SVN" version of PhpGedView.