Vendor: Dacio_imgGal
By: ahmadbady
CVSS: 7.5 (HIGH)
Type: Directory Traversal/Bypass/Shell Upload
CWE: 22
Product Name: Dacio_imgGal
Affected Version From: 1.6
Affected Version To: 1.6
Patch Exists: Yes
Related CWE: N/A
CPE: a:dacio:dacio_imggal:1.6
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2009
Title: Local Directory Traversal/Bypass/Shell Upload
Description: A vulnerability exists in Dacio_imgGal v1.6 that allows an attacker to bypass authentication and upload a malicious shell. This is done by accessing the index.php page with the parameter 'gallery' set to '../config.inc%00'. The attacker can then access the admin.php page and add an image, which can be used to upload a malicious shell. The shell can be accessed at '/images/beauty_1/shell.php', or at '/images/aa/shell.php' if the beauty_1 directory has been deleted. The dork used to find vulnerable sites is 'intitle:"Dacio's Image Gallery"'.
Mitigation:
Upgrade Dacio_imgGal v1.6 to the latest version, or apply the appropriate patch.