Mcgallery V 1.1 Files Reading On Disk

Full Version: Mcgallery V 1.1 Files Reading On Disk

GovernmentSecurity.org > General GSO > Exploit & Vulnerability Mailing List Archives

qcred11

Jun 15 2005, 08:23 PM

QUOTE

Vendor: Phpforum, http://www.phpforums.net/
Product: McGallery v 1.1
Vulnerability: files reading on disk
Consequences: Web server paths are opened
Risk: High

Description: Attacker can form the query in URL form ang get the access to the system files
Example: thttp://example.com/mcgallery/admin.php?lang=../../../../../../etc/passwd

Discoveried By D_BuG d_bug_at_bk.ru

Source: http://seclists.org/lists/bugtraq/2005/Jun/0120.html

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.