|  Home   |  Forums   |  News   |  Blog   |  Reviews   |
 Satellite   Digital TV   IPTV   Cable   HDTV   Computers   Games   Mobile Phones   Broadband   Internet   Security   Telecoms   USB   VoIP   Wireless 

IT Security News feed IT Security News

All Tech News feed All Tech News

January 9, 2008

Photopost vbulletin gallery releases update

Bookmark and Share

by Brian Turner

The developers of Photopost, the popular image gallery addon for vbulletin, have released a new version of Photopost Gallery.

This is due to an exploit that affects all versions of PhotoPost vBGallery prior to 2.4.2 but does not affect PhotoPost Pro, ReviewPost, or PhotoPost Classifieds.

This is due to a new exploit that hackers have created in order to upload and attempt to execute php scripts on a webserver using vBGallery.

The exploit essentially involves uploading a PHP script disguised as an image file, using a filename that contains a “.php.gif”, “php.wmv” or a similar file extension in order to manipulate or trick the Apache webserver into executing the script as a PHP program.

Ultimately, this is a security flaw in the Apache webserver and has the potential to affect any software that handles user file uploads, not just vBGallery, but Photopost have patched vBGallery and released 2.4.2 to prevent this issue from occuring.

Story link: Photopost vbulletin gallery releases update


Discuss this in the Techwatch Forums

Related news to "Photopost vbulletin gallery releases update"




No Comments

No comments yet.

Sorry, the comment form is closed at this time.


Previous: «
Next: »

Visited 495 times, 15 so far today



TechWatch © 2005-2010. All rights reserved  |  About  |  Staff  |  Privacy  |  Disclaimer  |  Press/Media  |  Contact us