Submission #482822: needyamin image_gallery 1.0 Cross Site Scripting (Info)

Title: needyamin image_gallery 1.0 Cross Site Scripting
Description:
Image_Gallery | Add Gallery- admin/gallery.php | Unrestricted File Upload | Found By Maloy Roy Orko
Dork: inurl: admin/gallery.php
Vulnerable Product: https://github.com/needyamin/image_gallery
Vendor Link: https://github.com/needyamin/
Vendor: needyamin
Product Name: image_gallery
Type: Image Gallery Management System

Title of the Vulnerability: Image_Gallery | Add Gallery- admin/gallery.php | Unrestricted File Upload | Found By Maloy Roy Orko
Finder & Exploit Owner: Maloy Roy Orko
Vulnerability Class: Unrestricted File Upload
Product Name: image_gallery
Vendor: needyamin
Vendor Link: https://github.com/needyamin/
Vulnerable Product Link: https://github.com/needyamin/image_gallery/
Affected Components: admin/gallery.php
Suggested Description: Unrestricted File Upload in "admin/gallery.php" in "image_gallery application By needyamin v 1.0" Found By "Maloy Roy Orko" allows "remote" attacker "to upload shell and hijack server via Unrestricted File Upload as no validations are provided" via "admin/gallery.php".
Attack Vectors: To exploit the vulnerability, he has to create a gallery in admin/gallery.php and upload a shell in Cover Image. Thus, the attacker can gain the admin cookie and then he can log in as admin, and as the file upload isn't protected, can hijack the whole server too!
Detailed Blog: https://www.websecurityinsights.my.id/2025/01/imagegallery-add-gallery.html
Source: ⚠️ https://www.websecurityinsights.my.id/2025/01/imagegallery-add-gallery.html
User: MaloyRoyOrko (UID 79572)
Submitted: 2025-01-15 18:24 (1 year ago)
Moderation: 2025-01-26 16:42 (11 days later)
Status: Accepted
VulDB Entry: 293482 [needyamin image_gallery 1.0 Cover Image /admin/gallery.php image privilege escalation]
Points: 20
