Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Install: disable step 4 (additional config info)
This fixes a security issue allowing an attacker to access the
installation script and obtain database access credentials.

Since the offending install step does not seem to be doing anything
useful, the corresponding code block has been commented out.

This vulnerability (CVE-2014-9571) was reported by High-Tech Bridge
Security Research Lab (https://www.htbridge.com/) in issue #17937
(advisory ID HTB23243).

Fixes #17939
  • Loading branch information
dregad committed Jan 9, 2015
1 parent 132cd6d commit 5e5e575
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions admin/install.php
Expand Up @@ -1021,6 +1021,11 @@ function print_test( $p_test_description, $p_result, $p_hard_fail = true, $p_mes
# database installed, get any additional information
if( 4 == $t_install_state ) {

/*
# 20141227 dregad Disabling this step for now, because it does not seem to
# be doing anything useful and can be used to retrieve system information
# when the admin directory has not been deleted (see #17939).
# @todo to be written
# must post data gathered to preserve it
?>
Expand All @@ -1036,6 +1041,7 @@ function print_test( $p_test_description, $p_result, $p_hard_fail = true, $p_mes
<?php
# must post <input name="install" type="hidden" value="5">
# rather than the following line
*/
$t_install_state++;
} # end install_state == 4

Expand Down

0 comments on commit 5e5e575

Please sign in to comment.