• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Ralf Image Gallery Multiple Input Validation Vulnerabilities

Ralf Image Gallery is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit the directory-traversal vulnerabilities to retrieve arbitrary files from the vulnerable system in the context of the webserver process.

The cross-site scripting vulnerabilities allow an attacker to leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The remote file-include issues allow an attacker to include arbitrary remote files containing malicious PHP code and execute them in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.