Gallery Upload Vulnerabilities

2006.05.19
Credit: Dj_ReMix_20
Risk: High
Local: No
Remote: Yes
CWE: N/A


CVSS Base Score: 6.4/10
Impact Subscore: 4.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: None

# Milli-Harekat Advisory ( www.milli-harekat.org )
# Gallery Upload Vulnerabilities
# Risk : High
# Class: Remote
# Script : Gallery Scripts
# Credits : Dj ReMix
# Thanks : y Korsan , Liz0zim ,ESOBAR, PoizinBo0x ,TR_IP ,ERNE ,CyberWolf...

# Vulnerable Scripts :
DUGallery v1.x
Dugallery v2.x
DuPortal v2.x
DuBanner All Version
WizGallery v1.x
AmazonGallery All Version
OzzyWork Galeri All Version
Engel-S Gallery All Version

#Vulnerable Code :
This Code Not Include...
GP_upload=true" name="form1" enctype="multipart/form-data" onSubmit="checkFileUpload(this,'GIF,JPG,JPEG,BMP,PNG',true,'',150,100,640,480,'PIC_WIDTH','PIC_HEIGHT');return document.MM_returnValue">
This is Code Deleted Your Scripts And All File Upload victim hosts...
Bye !
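The form fragment above applies its type list and size limits only in a client-side onSubmit handler, so the server has to repeat the same checks on the bytes it actually receives. The sketch below is an added example, not code from the advisory or from any of the listed scripts. It is written in Python rather than the scripts' own language, the names `sniff` and `validate_upload` are hypothetical, and reading 150,100,640,480 as minimum width, minimum height, maximum width and maximum height is an assumption.

```python
import struct

# Server-side counterpart of the form's checkFileUpload() arguments.
ALLOWED = {"gif": "gif", "jpg": "jpeg", "jpeg": "jpeg", "bmp": "bmp", "png": "png"}
MIN_W, MIN_H, MAX_W, MAX_H = 150, 100, 640, 480   # assumed min/max width/height
SOF = set(range(0xC0, 0xD0)) - {0xC4, 0xC8, 0xCC}  # JPEG start-of-frame markers

def sniff(data):
    """Return (format, width, height) parsed from the file header, or None."""
    if data[:8] == b"\x89PNG\r\n\x1a\n" and data[12:16] == b"IHDR" and len(data) >= 24:
        return ("png",) + struct.unpack(">II", data[16:24])
    if data[:6] in (b"GIF87a", b"GIF89a") and len(data) >= 10:
        return ("gif",) + struct.unpack("<HH", data[6:10])
    if data[:2] == b"BM" and len(data) >= 26:
        w, h = struct.unpack("<ii", data[18:26])
        return ("bmp", w, abs(h))          # negative height means top-down rows
    if data[:3] == b"\xff\xd8\xff":
        i = 2
        while i + 9 <= len(data) and data[i] == 0xFF:   # walk JPEG segments
            marker, seglen = data[i + 1], struct.unpack(">H", data[i + 2:i + 4])[0]
            if marker in SOF:
                h, w = struct.unpack(">HH", data[i + 5:i + 9])
                return ("jpeg", w, h)
            i += 2 + seglen
    return None

def validate_upload(filename, data):
    """Return (ok, reason) for bytes already received by the server."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]   # drop any client path
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext not in ALLOWED:
        return False, "extension not allowed"
    info = sniff(data)
    if info is None:
        return False, "not a recognised image"
    fmt, w, h = info
    if fmt != ALLOWED[ext]:
        return False, "content does not match extension"
    if not (MIN_W <= w <= MAX_W and MIN_H <= h <= MAX_H):
        return False, "dimensions out of range"
    return True, "ok"

# Constructed sample inputs (header bytes only, not real images).
PNG_OK = b"\x89PNG\r\n\x1a\n" + struct.pack(">I", 13) + b"IHDR" + struct.pack(">II", 320, 240) + b"\x08\x02\x00\x00\x00"
GIF_BIG = b"GIF89a" + struct.pack("<HH", 800, 600)
if __name__ == "__main__":
    for fname, body in [("photo.png", PNG_OK), ("page.asp", PNG_OK),
                        ("photo.jpg", PNG_OK), ("big.gif", GIF_BIG), ("x.png", b"hello")]:
        print(fname, validate_upload(fname, body))
```

Header checks like these complement, and do not replace, storing uploads under a server-generated name in a directory where the web server does not execute scripts.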


Copyright 2017, cxsecurity.com

 
