Submission #482822: needyamin image_gallery 1.0 Cross Site Scripting

Title: needyamin image_gallery 1.0 Cross Site Scripting

Description:
Image_Gallery | Add Gallery- admin/gallery.php | Unrestricted File Upload | Found By Maloy Roy Orko
Dork: inurl: admin/gallery.php
Vulnerable Product: https://github.com/needyamin/image_gallery
Vendor Link: https://github.com/needyamin/
Vendor: needyamin
Product Name: image_gallery
Type: Image Gallery Management System

Title of the Vulnerability: Image_Gallery | Add Gallery- admin/gallery.php | Unrestricted File Upload | Found By Maloy Roy Orko
Finder & Exploit Owner: Maloy Roy Orko
Vulnerability Class: Unrestricted File Upload
Product Name: image_gallery
Vendor: needyamin
Vendor Link: https://github.com/needyamin/
Vulnerable Product Link: https://github.com/needyamin/image_gallery/
Affected Components: admin/gallery.php
Suggested Description: Unrestricted File Upload in "admin/gallery.php" in "image_gallery application By needyamin v 1.0" Found By "Maloy Roy Orko" allows "remote" attacker "to upload shell and hijack server via Unrestricted File Upload as no validations are provided" via "admin/gallery.php".
Attack Vectors: To exploit the vulnerability, he has to create a gallery in admin/gallery.php and upload a Shell in Cover Image. Thus, the attacker can gain the admin cookie and then he can log in as admin, and as the file upload isn't protected, can hijack the whole server too!
Detailed Blog: https://www.websecurityinsights.my.id/2025/01/imagegallery-add-gallery.html

Source: https://www.websecurityinsights.my.id/2025/01/imagegallery-add-gallery.html
User: MaloyRoyOrko (UID 79572)
Submission: 15/01/2025 06:24 PM (1 year ago)
Moderation: 26/01/2025 04:42 PM (11 days later)
Status: Approved
VulDB entry: 293482 [needyamin image_gallery 1.0 Cover Image /admin/gallery.php image privilege escalation]
Points: 20
