lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-id: <454161B6.7010802@mayhemiclabs.com>
Date: Thu, 26 Oct 2006 21:32:38 -0400
From: Mayhemic Labs Security <security@...hemiclabs.com>
To: full-disclosure@...ts.grok.org.uk
Subject: MHL-2006-003 Public Advisory: "ezOnlineGallery"
 Multiple Security Issues

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MHL-2006-003 - Public Advisory

+-----------------------------------------------------------+
|         ezOnlineGallery Multiple Security Issues          |
+-----------------------------------------------------------+


PUBLISHED ON
  October 26th, 2006


PUBLISHED AT
  http://www.mayhemiclabs.com/advisories/MHL-2006-003.txt
  http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006003


PUBLISHED BY
  Mayhemic Labs
  http://www.mayhemiclabs.com

  security AT mayhemiclabs DOT com
  GPG key: 0x56143F84


APPLICATION
  ezOnlineGallery
  http://www.ezonlinegallery.com/



AFFECTED VERSIONS
  Versions 1.3 and below


ISSUES
	ezOnlineGallery allows disclosure of certain data about
	the system it is installed on.
	
	1) Valid Path Disclosures
	By editing the album variable when the "show_album"
	action is called on ezgallery.php, an attacker can verify
	the existance of any directory on a system. The system
	will attempt to display an album if the path is valid,
	and will return	an error if the path is invalid.
	
	EXAMPLE:
	ezgallery.php?action=show_album&album=../../../../../etc/
	
	2) File Disclosure
	By editing both the album and image variables on image.php
	an attacker can view any JPG, BMP, or PNG that the apache
	process has read access to.
	
	image.php?album=../../home/jrluser/girlfriendpics&image=nude.jpg

WORKAROUNDS
	None at this time

SOLUTIONS
	Upgrade to 1.3.2 Beta


REFERENCES
	ezOnlineGallery - http://www.ezonlinegallery.com/


TIMELINE
	October 26th, 2006
		Vendor/Developer Notified
		Vendor/Developer Fixes Issues
		Public Release

				
ADDITIONAL CREDIT
  N/A

LICENSE
  Creative Commons Attribution-ShareAlike License
  http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFQWG1zjnMaVYUP4QRAmn5AKCggkwoeoEwskcExkJtNnwWC4UBkQCgjetQ
1bjFMzRtPuveUAU6a0+ZaWg=
=yUPA
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ