Code Injection security flaw in Language mechanism #1268

Closed
abiusx opened this Issue Apr 20, 2012 · 6 comments

Projects

None yet

3 participants

@abiusx
abiusx commented Apr 20, 2012

Variable inclusion in Lang.php file allows attackers to run arbitrary code on the server if a single blind injection is available in the application. for more details visit
http://abiusx.com/asmandez-codeigniter-hacked/

@ckdarby
Contributor
ckdarby commented Jun 6, 2012

@abiusx This was a lot of effort on your part & a lot of stupidity on their part but I'll agree with you because $langfile is eventually used for a file path that it should be made safe before utilized.

@abiusx
abiusx commented Jun 6, 2012

Hello,
So you think they'll fix it?


Notice: This message is digitally signed, this means that its source and integrity are verifiable.
Certain mail clients would automatically verify this email and present a "signed and sealed" sign, but others might just provide a downloadable file (smime.p7s), which includes the X.509 certificate and the signature body.
In this case, you can either ignore it or manually verify it. Read more on this at Certified E-Mail with Comodo and Thunderbird at AbiusX.com

On خرداد ۱۷, ۱۳۹۱, at ۴:۳۶, Cory wrote:

@abiusx This was a lot of effort on your part & a lot of stupidity on their part but I'll agree with you because $langfile is eventually used for a file path that it should be made safe before utilized.


Reply to this email directly or view it on GitHub:
#1268 (comment)

@ckdarby
Contributor
ckdarby commented Jun 6, 2012

Pull requests speak louder than simply pointing out the flaw. I personally see no reason to why a pull request would get declined to fix this and therefore suggest your next step be to fork, solve, commit, and put in a pull request.

@abiusx
abiusx commented Jun 6, 2012

but i'm not that familiar with CodeIgniter codebase and I might end up ruining something


Notice: This message is digitally signed, this means that its source and integrity are verifiable.
Certain mail clients would automatically verify this email and present a "signed and sealed" sign, but others might just provide a downloadable file (smime.p7s), which includes the X.509 certificate and the signature body.
In this case, you can either ignore it or manually verify it. Read more on this at Certified E-Mail with Comodo and Thunderbird at AbiusX.com

On خرداد ۱۷, ۱۳۹۱, at ۵:۲۰, Cory wrote:

Pull requests speak louder than simply pointing out the flaw. I personally see no reason to why a pull request would get declined to fix this and therefore suggest your next step be to fork, solve, commit, and put in a pull request.


Reply to this email directly or view it on GitHub:
#1268 (comment)

@ckdarby
Contributor
ckdarby commented Jun 6, 2012

Alright, I'll fix this by Friday if no one else puts in a pull request.

@abiusx
abiusx commented Jun 6, 2012

thanks in advance


Notice: This message is digitally signed, this means that its source and integrity are verifiable.
Certain mail clients would automatically verify this email and present a "signed and sealed" sign, but others might just provide a downloadable file (smime.p7s), which includes the X.509 certificate and the signature body.
In this case, you can either ignore it or manually verify it. Read more on this at Certified E-Mail with Comodo and Thunderbird at AbiusX.com

On خرداد ۱۷, ۱۳۹۱, at ۵:۲۳, Cory wrote:

Alright, I'll fix this by Friday if no one else puts in a pull request.


Reply to this email directly or view it on GitHub:
#1268 (comment)

@narfbg narfbg closed this in 2dce1ff Oct 24, 2012
@nonchip nonchip pushed a commit to nonchip/CodeIgniter that referenced this issue Jun 29, 2013
@narfbg narfbg Fix #1268 (or rather enforce some security measures, there's nothing …
…really broken)
6fc45bc
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment