Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Important! Vulnerability Found in GetSimple 2.03
#1
Until we have this fixed with the 3.0 release, please delete /admin/upload-ajax.php from any and all of your installations of GetSimple.

Some hacksters found a way to upload a file without being logged in - not sure how yet, but right now, this is the best way to avoid being hacked.

Sorry about this, but some people have to try and ruin it for everyone... More to come shortly...
- Chris
Thanks for using GetSimple! - Download

Please do not email me directly for help regarding GetSimple. Please post all your questions/problems in the forum!
Reply
#2
just delete this file ?
no problem with GS after this ?
Reply
#3
yep - as far as I know right now
- Chris
Thanks for using GetSimple! - Download

Please do not email me directly for help regarding GetSimple. Please post all your questions/problems in the forum!
Reply
#4
http://code.google.com/p/get-simple-cms/..._svn204_34

instead of deleting upload-ajax.php you can also make the change above to your cookie_functions.php file.
- Chris
Thanks for using GetSimple! - Download

Please do not email me directly for help regarding GetSimple. Please post all your questions/problems in the forum!
Reply
#5
Chris is this notice just for 2.03 or also anything below 2.03?
- Julian

My GetSimple Plugins: Simple Image Gallery | TweetMeme reTweet Button
Reply
#6
2.03, but anything below could be effected too.

But to be honest, with almost every release of GS, we've fixed some type of vulnerability... so 2.01 was already insecure to a point.
- Chris
Thanks for using GetSimple! - Download

Please do not email me directly for help regarding GetSimple. Please post all your questions/problems in the forum!
Reply
#7
ccagle8 Wrote:http://code.google.com/p/get-simple-cms/..._svn204_34

instead of deleting upload-ajax.php you can also make the change above to your cookie_functions.php file.

Replacing the function using the SVN code:
Code:
function kill_cookie($identifier) {
  global $SALT;
  $saltCOOKIE = sha1($identifier.$SALT);
  if (isset($_COOKIE[$saltCOOKIE])) {
    if ( defined('GSCOOKIEISSITEWIDE') && (GSCOOKIEISSITEWIDE == TRUE) ) {
       $_COOKIE[$saltCOOKIE] = FALSE;
       setcookie($saltCOOKIE, FALSE, time() - 3600,'/');    
    } else {
       $_COOKIE[$saltCOOKIE] = FALSE;
       setcookie($saltCOOKIE, FALSE, time() - 3600);
    }
  }
}

gives me:

Quote:Parse error: syntax error, unexpected T_IF in /home/cartocop/testbed/admin/inc/cookie_functions.php on line 41

Line 41 is the "if defined" line.

Any other suggestions?

-Rob A>
Reply
#8
I just fixed gs.info and i am not getting that error... can you verify you copied the right code (w/o line numbers etc.)?

http://get-simple-cms.googlecode.com/svn...ctions.php
- Chris
Thanks for using GetSimple! - Download

Please do not email me directly for help regarding GetSimple. Please post all your questions/problems in the forum!
Reply
#9
ccagle8 Wrote:I just fixed gs.info and i am not getting that error... can you verify you copied the right code (w/o line numbers etc.)?

http://get-simple-cms.googlecode.com/svn...ctions.php

Thanks for the direct link. I got it from here initially:
http://code.google.com/p/get-simple-cms/...php?edit=1

I'm guessing copying from there introduced some non-printing characters.
Reply
#10
thx !

is this vulnerability present in 2.04 beta too?

and, by the way, why don't you setup a security announce mailing list ?
Reply
#11
Will there be 2.03 security release?
Reply
#12
The current svn is fixed. I will release 2.03.1 early today as a quick security release. I will also cut a new beta release that takes into effect the latest svn fix as well.
- Chris
Thanks for using GetSimple! - Download

Please do not email me directly for help regarding GetSimple. Please post all your questions/problems in the forum!
Reply
#13
The downloads have been udpated, and the new stable version is 2.03.1. If you don't feel like upgrading, you can just make the change mentioned here.
- Chris
Thanks for using GetSimple! - Download

Please do not email me directly for help regarding GetSimple. Please post all your questions/problems in the forum!
Reply
#14
marrco Wrote:thx !

is this vulnerability present in 2.04 beta too?

and, by the way, why don't you setup a security announce mailing list ?

I see that 2.04b contains fixed kill cookie function, so no worries.
Addons: blue business theme, Online Visitors, Notepad
Reply
#15
well, 2.04B became 3.0 after we decided that there were just too many updates in it to make it a minor release. So to be honest, 2.04 was always BETA, and will never be a real release.

3.0 should be fixed now... as well as the 2.03.1 patch release that was just sent out
- Chris
Thanks for using GetSimple! - Download

Please do not email me directly for help regarding GetSimple. Please post all your questions/problems in the forum!
Reply
#16
If I simply delete /admin/upload-ajax.php then the upload-functionality won't work anymore, right?
Reply
#17
yes, thats the only part of the installation that wouldnt work. You can also make this change in lieu of deleting that file...
- Chris
Thanks for using GetSimple! - Download

Please do not email me directly for help regarding GetSimple. Please post all your questions/problems in the forum!
Reply
#18
Is there a way to subscribe to such emergency situations? Email or RSS...

It should prevent mass site hacking in future Smile
I had to remove "Powered by GetSimple" due to this issue - to prevent the google-hackers from finding my site in such occasions.

The drawback is if the vulnerability is "private", then, by publishing security fix, it will become public.
Reply




Users browsing this thread: 1 Guest(s)