BugTraq
Back to list
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
Vulnerability in MG2 php based Image Gallery - bypass security, view password protected images
Oct 28 2005 11:39PM
preben watchcom no
The MG2 Image Gallery system has the ability to make create online galleries. Even password protected once.
By manipulating url from a gallery, you are able to list out all pictures in every gallery. Even though they are inside a password protected folder.
Sample manipulation could be:
www.yoursit...
[ more ]
Privacy Statement
Copyright 2010, SecurityFocus
By manipulating url from a gallery, you are able to list out all pictures in every gallery. Even though they are inside a password protected folder.
Sample manipulation could be:
www.yoursit...
[ more ]