From:Dj_ReMix_20_(at)_hotmail.com <Dj_ReMix_20_(at)_hotmail.com>
Date:13.05.2006
Subject:# MHG Security Team --- Gallery Upload Vulnerabilities

# Milli-Harekat Advisory ( www.milli-harekat.org )

# Gallery Upload Vulnerabilities

# Risk : High

# Class: Remote

# Script : Gallery Scripts

# Credits : Dj ReMix

# Thanks : Яy Korsan , Liz0zim ,ESOBAR, PoizinBo0x ,TR_IP ,ERNE ,CyberWolf...

# Vulnerable Scripts :

DUGallery v1.x
Dugallery v2.x
DuPortal  v2.x
DuBanner All Version
WizGallery v1.x
AmazonGallery All Version
OzzyWork Galeri All Version
Engel-S Gallery All Version

#Vulnerable Code :

This Code Not Include...

GP_upload=true" name="form1" enctype="multipart/form-data"
onSubmit="checkFileUpload(this,'GIF,JPG,JPEG,BMP,PNG',true,'',150,100,640,480,'PIC_WIDTH','PIC_HEIGHT');return document.MM_returnValue">

This is Code Deleted Your Scripts And All File Upload victim hosts...

Bye !
