Vulnerability in MG2 php based Image Gallery - bypass security, view password protected images

2005.10.30

Credit: Preben Nylokken

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2005-3432

CWE: N/A

CVSS Base Score: 5/10

Impact Subscore: 2.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: None

Availability impact: None

The MG2 Image Gallery system has the ability to make create online galleries. Even password protected once.
By manipulating url from a gallery, you are able to list out all pictures in every gallery. Even though they are inside a password protected folder.
Sample manipulation could be:
www.yoursite.com/mg2/index.php?list=*&page=all
The "*" replaces the album number, showing every album.
The "all" command is an option programmed in the system to view all pictures within a SINGLE gallery.
Those two combined, will expose any password protected images.
The system can be downloaded from:
http://www.minigal.dk/
Please credit find to: Preben Nylokken

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Vulnerability in MG2 php based Image Gallery - bypass security, view password protected images

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.