Bug: Gallery Upload Vulnerabilities ( Ascii Version )

Search:
WLB2

Gallery Upload Vulnerabilities

Published
Credit
Risk
2006.05.19
Dj_ReMix_20
High
CWE
CVE
Local
Remote
N/A
CVE-2006-2428
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.4/10
4.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None

# Milli-Harekat Advisory ( www.milli-harekat.org )

# Gallery Upload Vulnerabilities

# Risk : High

# Class: Remote

# Script : Gallery Scripts

# Credits : Dj ReMix

# Thanks : y Korsan , Liz0zim ,ESOBAR, PoizinBo0x ,TR_IP ,ERNE ,CyberWolf...

# Vulnerable Scripts :

DUGallery v1.x

Dugallery v2.x

DuPortal v2.x

DuBanner All Versiyon

WizGallery v1.x

AmazonGallery All Version

OzzyWork Galeri All Version

Engel-S Gallery All Version

#Vulnerable Code :

This Code Not Include...

GP_upload=true" name="form1" enctype="multipart/form-data"
onSubmit="checkFileUpload(this,'GIF,JPG,JPEG,BMP,PNG',true,'',150,100,64

0,480,'PIC_WIDTH','PIC_HEIGHT');return document.MM_returnValue">

This is Code Deleted Your Scripts And All File Upload victim hosts...

Bye !

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version