Crux Gallery - exploit.company

vendor:

Crux Gallery

by:

Pepelux

6.4

CVSS

MEDIUM

Insecure Cookie Handling

264

CWE

Product Name: Crux Gallery

Affected Version From: 1.32

Affected Version To: 1.32

Patch Exists: NO

Related CWE: N/A

CPE: a:arzdev:crux_gallery

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Crux Gallery <= 1.32 / Insecure Cookie Handling Vulnerability

You can access to the admin panel altering the cookie and adding a parameter in the navigation bar. Navigate by the admin panel adding the parameter '&name=users' in the navigation bar.

Mitigation:

Ensure that cookies are properly validated and authenticated before being used.

Source

Exploit-DB raw data:

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Crux Gallery <= 1.32 / Insecure Cookie Handling Vulnerability 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Program: Crux Gallery
Version: <= 1,32
File affected: admin/*
Download: http://www.arzdev.com/downloads/8/Crux


Found by Pepelux <pepelux[at]enye-sec.org>
eNYe-Sec - www.enye-sec.org


>> Program description (by the author website) <<

Crux Gallery reads directories on a server and listes them with thumbnails for
the user to view without useing exrta space for thumbnails or extra bandwidth 
for full images. Each image has other resolutions near them for the user to 
choose from, including the origional resolution the image is in.

>> Bug <<

You can access to the admin panel altering the cookie and adding a parameter
in the navigation bar.


>> Exploit <<

Note: POST is not checked and you can enter all by GET. Also you can create a
simple perl script to send GET and POST packages.

Navigate by the admin panel adding the parameter '&name=users' in the 
navigation bar. Examples: 
    
	to view the main admin panel:
	http://site/index.php?op=admin&name=users

	to change the admin password:
	http://site/index.php?op=pass&name=users

# milw0rm.com [2008-09-26]