
Gallery vulnerability

I don't have every version of gallery at my disposal, so I haven't tested this against every version. However, as far back as I can remember, this has been the case, so I'm pretty sure it applies to all versions, and certainly all recent versions.

Public access to certain data files within your albums directory will provide visitors with information regarding the names and locations of all images in all albums within your gallery installation. By default, access to these files is allowed. With this information, a visitor has the ability to retrieve any image within your gallery, even those marked as hidden, or those placed under gallery's security.

To see if you are vulnerable, try the following. Take the URL of your "albums" directory (the directory that contains all the images on the server; it may be named differently depending on your installation), append "/albumdb.dat" to the end, and enter that address into your web browser. If you get some gibberish starting with "{", then you are vulnerable.

There is a simple, temporary fix that will not affect the usability of your gallery. If you happen to be running Apache with ".htaccess" file access, you might find a file named ".htaccess" in your albums directory. Edit it, or create it if it does not exist, and add the following lines to the very bottom of this file:


Order Deny,Allow
Deny From All
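
To find out whether anyone has already fetched the data file, and to confirm that requests for it are refused once the fix is in place, you can scan your Apache access log. The script below is an added example, not part of the original post or of Gallery; it assumes the common/combined log format, and the `/albums/` path and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Apache common/combined log prefix: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

# 200/206 = content was sent; 304 = the client already holds a copy from an earlier fetch.
SERVED = {200, 206, 304}

# Constructed sample lines (addresses, dates and paths are not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Sep/2004:10:01:22 +0000] "GET /albums/albumdb.dat HTTP/1.1" 200 412',
    '192.0.2.10 - - [12/Sep/2004:10:01:25 +0000] "GET /albums/trip/photo1.jpg HTTP/1.1" 200 48211',
    '198.51.100.7 - - [13/Sep/2004:08:15:00 +0000] "GET /albums/albumdb.dat HTTP/1.1" 403 298',
    '203.0.113.5 - - [13/Sep/2004:09:00:41 +0000] "GET /albums/AlbumDB%2Edat?x=1 HTTP/1.0" 200 412',
]

def find_datafile_hits(lines, names=("albumdb.dat",)):
    """Return (host, time, path, status) for each served request for a data file."""
    wanted = {n.lower() for n in names}
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we can parse
        # Drop the query string and decode %xx so "albumdb%2Edat?x=1" still matches.
        path = unquote(urlsplit(m["target"]).path)
        basename = path.rsplit("/", 1)[-1].lower()
        status = int(m["status"])
        if basename in wanted and status in SERVED:
            hits.append((m["host"], m["time"], path, status))
    return hits

if __name__ == "__main__":
    for hit in find_datafile_hits(SAMPLE_LOG):
        print(*hit)
```

A request answered with 403 is not reported, which is what you should see for every request made after the deny rule is active.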

I hope this helps some of you. If you insist on doing so, you may repay me by providing me with legitimate access to those albums you're trying to protect. :)

*Update*: Despite my "bug report":https://sourceforge.net/tracker/index.php?func=detail&aid=1033106&group_id=7130&atid=107130 and, apparently, several other bug reports on the same issue, the Gallery team has chosen *NOT* to correct this issue. According to them, this would require a "major major rewrite". In actuality, it would require a small change in a few files, and one new file for handling the images correctly. I feel that, at the very least, the fix I mention above could be included by default, and a warning message could be issued during installation/upgrade.
