 Topic: |
Vulnerability in MG2 php based Image Gallery - bypass security, view password protected images |
| Credit: |
Preben Nylokken |
| Date: |
2005.10.30 |
| CWE: |
N/A |
| CVE: |
CVE-2005-3432 (Show details)
Use CVE to see details like:
- CVSS2,
- Affected Software,
- References |
| Risk |
Local |
| Remote |
| Medium |
No |
| Yes |
The MG2 Image Gallery system has the ability to make create online galleries. Even password protected once.
By manipulating url from a gallery, you are able to list out all pictures in every gallery. Even though they are inside
a password protected folder.
Sample manipulation could be:
www.yoursite.com/mg2/index.php?list=*&page=all
The "*" replaces the album number, showing every album.
The "all" command is an option programmed in the system to view all pictures within a SINGLE gallery.
Those two combined, will expose any password protected images.
The system can be downloaded from:
http://www.minigal.dk/
Please credit find to: Preben Nylokken
[ ASCII VERSION ]
|
