Vendor: Iamma Simple Gallery
By: X0r - EvolutionTeaM
CVSS: 7.5 (HIGH)
Type: Arbitrary File Upload
CWE: 434
Product Name: Iamma Simple Gallery
Affected Version From: 1
Affected Version To: 2
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Iamma Simple Gallery Arbitrary File Upload

The upload script (upload.php) performs no check on file extensions, so an attacker can upload malicious files to the server.

Mitigation:

Implement a whitelist of accepted file extensions and validate the file type before accepting the upload.
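
One way to implement the mitigation above, as an added example (not code from Iamma Simple Gallery or from the advisory). The function name, the accepted image types and the sample files are assumptions made for illustration, and the PHP fileinfo extension is assumed to be enabled.

```php
<?php
// Extension => expected MIME type (assumed policy for an image gallery).
const ALLOWED = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

/**
 * Hypothetical helper: returns a server-generated file name if the upload
 * passes both checks, or null if it must be rejected.
 * $clientName is the untrusted name sent by the browser.
 */
function safe_upload_name(string $clientName, string $tmpPath): ?string
{
    // 1. Allowlist on the final extension, case-insensitively.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        return null;
    }
    // 2. Validate the file type from its content, not from its name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED[$ext]) {
        return null;
    }
    // 3. Never reuse the client-supplied name on disk.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed samples: a script, the same script renamed, and a 1x1 GIF.
$gif = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');
$samples = [
    ['shell.php', '<?php echo 1; ?>'],
    ['shell.jpg', '<?php echo 1; ?>'],
    ['cat.GIF',   $gif],
];
foreach ($samples as [$name, $bytes]) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    $stored = safe_upload_name($name, $tmp);
    echo $name, ' => ', $stored === null ? 'rejected' : "stored as $stored", PHP_EOL;
    unlink($tmp);
}
```

In an upload handler the helper would receive the `name` and `tmp_name` entries of the relevant `$_FILES` element, and the returned name would be the destination passed to `move_uploaded_file()`.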

Exploit-DB raw data:

Found by: X0r
Iamma Simple Gallery Arbitrary File Upload
Version: 1,2 (?)
Email: evolutionteam.x0[at]gmail[dot]com
Script Download: http://www.matteoiammarrone.com/public/modules.php?name=Downloads&d_op=getit&lid=4

Script Download 2: http://www.pierotofy.it/pages/download.php?filename=100p97q116r97s47t112a114i111f103g114h97n109o115l47m80b72c80d47e105u115v103z50p46q122r105s112t

Bug: There isn't any check for file extensions.

Exploit: http://[site]/[path]/upload.php


// X0r - EvolutionTeaM

# milw0rm.com [2008-10-22]