freePHPgallery 0.6 Cookie Local File Inclusion

vendor:

freephpgallery

by:

MhZ91

7.5

CVSS

HIGH

Local File Inclusion

CWE

Product Name: freephpgallery

Affected Version From: 0.6

Affected Version To: 0.6

Patch Exists: YES

Related CWE: N/A

CPE: a:freephpgallery:freephpgallery:0.6

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

freePHPgallery 0.6 Cookie Local File Inclusion

freePHPgallery 0.6 present a local file inclusion vulnerability in the files index.php, comment.php and show.php. By modifying the cookie lang value with a ../../../../ etc., an attacker can gain access to local files.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in file operations.

Source

Exploit-DB raw data:

--==+================================================================================+==--
--==+		freePHPgallery 0.6 Cookie Local File Inclusion                       +==--
--==+================================================================================+==--

 Author: MhZ91
 Title: freePHPgallery 0.6 Cookie Local File Inclusion
 Download: http://sourceforge.net/projects/freephpgallery/
 Bug: Local File Inclusion
 Info: freePHPgallery is a easy-to-use free PHP picture gallery. Automatic creation of picture indexes with thumbnails, commenting function, selection of multiple languages. This software does not NOT require a database or other additional software.
 Visit: http://www.inj3ct-it.org

[*]----------------------------------------------------------

freePHPgallery 0.6 present a local file inclusion in this file

index.php
comment.php
show.php

<?php

[...]

if($_COOKIE['lang']!="")
{if(file_exists("./lang/".$_COOKIE['lang'])){include ("./lang/".$_COOKIE['lang']);};}

[...]

?>

we can modify the cookie lang value whit a ../../../../ etc... and give a local file inclusion 


[*]----------------------------------------------------------

# milw0rm.com [2008-02-14]