Short Name |
HTTP:PHP:GALLERY:EMBED-AUTH-VAR |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Gallery Embedded USER AUTH Bypass (postvar) |
Release Date |
2004/08/11 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in Gallery, a Web-based photo album application written in php. Attackers can bypass user authorization to gain administrative privileges.
It has been disclosed that an attacker can bypass Gallery's authentication process, and log in as any user without a password. An attacker can override configuration variables by passing them in GET, POST or cookie arguments. Gallery simulates the 'register_globals' PHP setting by extracting the values of the various $HTTP_ global variables into the global namespace. Therefore, regardless of the 'register_globals' PHP setting, an attacker can override configuration variables. An attacker can change configuration variables and cause Gallery to skip the authentication steps. Versions prior to 1.4.3-pl2 are reported to be vulnerable.