imageVue16.1 upload vulnerability

2006.02.15
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

ImageVue is an online Flash gallery for viewing images. For more information about ImageVue visit http://www.imagevuex.com Credits: me Vulnerable Systems: imageVue16.1 In ImageVue one can upload images to the Gallery. The upload-script however isn't checking credentials nor does it check file extensions i.e. it's possible for any user to upload any file as long as the 'right' permissions have been set for the uploading folder. Exploit: 1) check folder permissions http://[target]/dir.php An XML-document is shown containing all folders and their permissions. 2) upload a file to a folder from the XML http://[target]/admin/upload.php?path=../[foldername] Now you're ready to upload any file. Other vulnerabilities: 1) view dir listings http://[target]/readfolder.php?path=[path]&ext=[extension] 2) querystring is passed to style and body http://[target]/index.php?bgcol=[input]


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top