FOSS Gallery Public Version <= 1.0 / Arbitrary file upload Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx, bugtraq-owner@xxxxxxxxxxxxxxxxx
Subject: FOSS Gallery Public Version <= 1.0 / Arbitrary file upload Vulnerabilities
From: Pepelux <pepelux@xxxxxxxxxxxx>
Date: Sun, 5 Oct 2008 02:40:52 +0200
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender :to:subject:mime-version:content-type:content-transfer-encoding :content-disposition:x-google-sender-auth; bh=Nho6QXfdiPxZXUZgO4e1+X7tCRiZbhbmuFYWYj4qCvQ=; b=WBEN1xFSTsW1gjGtDt+NHxphbW/u3wP8mtqwLlUHCqlOgjnz6WvufIfjmDOKRrpvhR W6Q7ZefBaKYILkEjqj9J/vhrY56MtiW/GCivwCwXxufTGAVuQTWLt0pNanOro/58vxmH MJy2MQC+MFLaf1P2+jjEocSGbSFRe8AX/ZjJE=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:mime-version:content-type :content-transfer-encoding:content-disposition:x-google-sender-auth; b=ORLwOURymrcM1/epOQwEjZ4LlWF45XZKgwCOjpiIOAJW2c3sCJ4/397TmMjecWHjuk VGYk3pgcWVZwA/DEmg5XQxQyDmfDFVZKAbC9tuylTxK8QT/Ze8OOBqOc6F+p0B6USv7F Dlh5630E2sNOBa4x0mDb13LPEEmSLLwYgoqSM=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Sender: pepeluxx@xxxxxxxxx

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
FOSS Gallery Public Version <= 1.0 / Arbitrary file upload Vulnerabilities
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Program: FOSS Gallery Public Version
Version: <= 1.0
File affected: processFiles.php
Download: http://sourceforge.net/projects/fossgallery/


Found by Pepelux <pepelux[at]enye-sec.org>
eNYe-Sec - www.enye-sec.org

-- Bug --
Website doesn't check the images format and you can upload PHP files.

-- Exploit --
http://localhost/shell.php

Prev by Date: FOSS Gallery Admin Version <= 1.0 / Remote Arbitrary Upload Vulnerability
Next by Date: [SECURITY] [DSA 1643-1] New feta packages fix denial of service
Previous by thread: FOSS Gallery Admin Version <= 1.0 / Remote Arbitrary Upload Vulnerability
Next by thread: [SECURITY] [DSA 1643-1] New feta packages fix denial of service
Index(es):
- Date
- Thread