Ezphotogallery 2.1

vendor:

Ezphotogallery

by:

Stack

8.8

CVSS

HIGH

Add Admin user/Remove user

264

CWE

Product Name: Ezphotogallery

Affected Version From: 2.1

Affected Version To: 2.1

Patch Exists: Yes

Related CWE: N/A

CPE: a:ezphotogallery:ezphotogallery

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Ezphotogallery 2.1 is vulnerable to an authenticated user privilege escalation attack. An attacker can exploit this vulnerability by accessing the useradmin.php page and adding a new user with administrator privileges. The attacker can also remove existing users from the system.

Mitigation:

Upgrade to the latest version of Ezphotogallery.

Source

Exploit-DB raw data:

#----------------------------------------------------------------
#
#Script : Ezphotogallery 2.1
#
#Type : Vulnerabilities ( Add Admin user/Remove user)
#
#Google Dork : "100% | 50% | 25%" "Back to gallery" inurl:"show.php?imageid="
#
#----------------------------------------------------------------
#
#Discovered by : Stack
#
#----------------------------------------------------------------
#
#Script Download :  http://heanet.dl.sourceforge.net/sourceforge/ezphotogallery/ezphotogallery-2.1.zip
#
#----------------------------------------------------------------

Exploit :
 http://site.il/useradmin.php
how to use exploit
in Add user select
----------------------------------------
Simple example by Stack user :d :d
----------------------------------------
        Add user
Name:  Stack 
Password: passstack 
E-mail: Stack@hotmail.fr 
Private: yes or no  
Administrator:  yes
now stack username is a administrator user
----------------------------------------
       Remove user
User:  chouse the user and click remove
----------------------------------------

# milw0rm.com [2008-09-11]