RETIRED: Gallery 'modules.php' Local File Include Vulnerability
BID:30608
Info
RETIRED: Gallery 'modules.php' Local File Include Vulnerability
| Bugtraq ID: | 30608 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 08 2008 12:00AM |
| Updated: | Aug 11 2008 08:46PM |
| Credit: | Digital Security Research Group [DSecRG] |
| Vulnerable: |
Gallery Gallery 1.5.7 Gallery Gallery 1.6-alpha3 |
| Not Vulnerable: |
Gallery Gallery 1.5.8 Gallery Gallery 1.6-RC1 |
Discussion
RETIRED: Gallery 'modules.php' Local File Include Vulnerability
Gallery is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability using directory-traversal strings to view local files within the context of the webserver process. Information harvested may aid in further attacks.
Versions prior to Gallery 1.5.8 are vulnerable.
NOTE: This issue was previously covered in BID 30563 (Gallery Multiple Remote Vulnerabilities), but has been assigned its own BID to better track the issue.
RETIRED: This BID is being retired because further analysis reveals that Gallery is not affected by this issue.
Gallery is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability using directory-traversal strings to view local files within the context of the webserver process. Information harvested may aid in further attacks.
Versions prior to Gallery 1.5.8 are vulnerable.
NOTE: This issue was previously covered in BID 30563 (Gallery Multiple Remote Vulnerabilities), but has been assigned its own BID to better track the issue.
RETIRED: This BID is being retired because further analysis reveals that Gallery is not affected by this issue.
Exploit / POC
RETIRED: Gallery 'modules.php' Local File Include Vulnerability
Attackers can exploit this issue via a browser.
The following example URI is available:
http://www.example.com/[path]/contrib/phpBB2/modules.php?op=modload&phpEx=../../../../../../../../../../../../../etc/passwd
Attackers can exploit this issue via a browser.
The following example URI is available:
http://www.example.com/[path]/contrib/phpBB2/modules.php?op=modload&phpEx=../../../../../../../../../../../../../etc/passwd
Solution / Fix
RETIRED: Gallery 'modules.php' Local File Include Vulnerability
Solution:
The vendor released Gallery 1.5.8 to address this issue. Please see the references for more information.
Solution:
The vendor released Gallery 1.5.8 to address this issue. Please see the references for more information.
References
RETIRED: Gallery 'modules.php' Local File Include Vulnerability
References:
References:
- Gallery Homepage (Gallery)
- [DSECRG-08-035] Local File Include Vulnerability in Gallery 1.5.7, 1.6-alpha3 ("Digital Security Research Group \[DSecRG\]"
- Re: [DSECRG-08-035] Local File Include Vulnerability in Gallery 1.5.7, 1.6-alpha ([email protected])