| Title | needyamin image_gallery 1.0 Cross Site Scripting |
|---|
| Description | Image_Gallery | Add Gallery- admin/gallery.php | Unrestricted File Upload | Found By Maloy Roy Orko
Dork: inurl: admin/gallery.php
Vulnerable Product:
https://github.com/needyamin/image_gallery
Vendor Link:
https://github.com/needyamin/
Vendor: needyamin
Product Name: image_gallery
Type: Image Gallery Management System
Title of the Vulnerability: Image_Gallery | Add Gallery- admin/gallery.php | Unrestricted File Upload | Found By Maloy Roy Orko
Finder & Exploit Owner: Maloy Roy Orko
Vulnerability Class: Unrestricted File Upload
Vulnerable Product Link: https://github.com/needyamin/image_gallery/
Affected Components:
admin/gallery.php
Suggested Description:
Unrestricted File Upload in "admin/gallery.php" in "image_gallery application By needyamin v 1.0" Found By "Maloy Roy Orko" allows "remote" attacker "to upload shell and hijack server via Unrestricted File Upload as no validations are provided" via "admin/gallery.php".
Attack Vectors:
To exploit the vulnerability, he has to create a gallery in admin/gallery.php and upload a Shell in Cover Image. Thus, the attacker can gain the admin cookie and then he can log in as admin and, as the file upload isn't protected, can hijack the whole server too!
Detailed Blog:
https://www.websecurityinsights.my.id/2025/01/imagegallery-add-gallery.html
|
|---|
| Source | ⚠️ https://www.websecurityinsights.my.id/2025/01/imagegallery-add-gallery.html |
|---|
| User | MaloyRoyOrko (UID 79572) |
|---|
| Submission | 2025-01-15 18:24 (1 year ago) |
|---|
| Moderation | 2025-01-26 16:42 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 293482 [needyamin image_gallery 1.0 Cover Image /admin/gallery.php image privilege escalation] |
|---|
| Points | 20 |
|---|