Remote code execution?
At the beginning of April a person claimed to have found a vulnerability in XodaGallery's administration.php. You can find it here, for example.
However, it seems to me that this person did not even bother to have a look at the code. He claims that you can gain access through the query string in administration.php?cmd=Command, as if it were including a file. The ?cmd= though, is only tested against static values - so I have a hard time seeing this alleged vulnerability. If you have any ideas, please contact me.
I also think it’s really suspicious not to even file a bug here at SourceForge or contact me, only to spread the info in other places on the Internet.
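The distinction the post draws, between a parameter that is passed to `include` and one that is only compared against fixed values, is shown below as an added example. It is not XodaGallery's code: the command names, handler functions and sample inputs are hypothetical and constructed for illustration (PHP 8 or later).

```php
<?php
declare(strict_types=1);

// Pattern A (what the report assumes): the request value becomes a file path.
//   include $_GET['cmd'] . '.php';
// Pattern B (what the post describes): the value is only compared to constants.

// Hypothetical command table; keys are the only accepted ?cmd= values.
const COMMANDS = [
    'Upload'   => 'handle_upload',
    'Delete'   => 'handle_delete',
    'Settings' => 'handle_settings',
];

function handle_upload(): string   { return 'upload form'; }
function handle_delete(): string   { return 'delete form'; }
function handle_settings(): string { return 'settings form'; }

function dispatch(mixed $cmd): string
{
    // Reject non-strings (?cmd[]=x arrives as an array) and any value
    // that is not an exact, case-sensitive key of the table.
    if (!is_string($cmd) || !array_key_exists($cmd, COMMANDS)) {
        return 'unknown command';
    }
    // The callee name comes from the constant table, never from the request.
    return COMMANDS[$cmd]();
}

// Constructed sample inputs: one valid command, then values that would
// matter under Pattern A but are inert under Pattern B.
$samples = ['Upload', 'upload', 'Upload.php', '../config', ['Upload'], null];

foreach ($samples as $cmd) {
    printf("%-14s => %s\n", json_encode($cmd), dispatch($cmd));
}
```

When reviewing a report like this one, the check is whether the request value ever reaches `include`, `require`, a filesystem call or a dynamic function name; if every use is a comparison or a lookup in a constant table, the value cannot select a file.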
