Submit #482822: needyamin image_gallery 1.0 Cross Site Scripting
Information

Title: needyamin image_gallery 1.0 Cross Site Scripting
Description: Image_Gallery | Add Gallery - admin/gallery.php | Unrestricted File Upload | Found By Maloy Roy Orko
Dork: inurl: admin/gallery.php
Vulnerable Product: https://github.com/needyamin/image_gallery
Vendor Link: https://github.com/needyamin/
Vendor: needyamin
Product Name: image_gallery
Type: Image Gallery Management System

Title of the Vulnerability: Image_Gallery | Add Gallery - admin/gallery.php | Unrestricted File Upload | Found By Maloy Roy Orko
Finder & Exploit Owner: Maloy Roy Orko
Vulnerability Class: Unrestricted File Upload
Product Name: image_gallery
Vendor: needyamin
Vendor Link: https://github.com/needyamin/
Vulnerable Product Link: https://github.com/needyamin/image_gallery/
Affected Components: admin/gallery.php
Suggested Description: Unrestricted File Upload in "admin/gallery.php" in "image_gallery application By needyamin v 1.0" Found By "Maloy Roy Orko" allows "remote" attacker "to upload shell and hijack server via Unrestricted File Upload as no validations are provided" via "admin/gallery.php".
Attack Vectors: To exploit the vulnerability, he has to create a gallery in admin/gallery.php and upload a shell in Cover Image. Thus, the attacker can gain the admin cookie and then he can log in as admin and, as the file upload isn't protected, can hijack the whole server too!
Detailed Blog: https://www.websecurityinsights.my.id/2025/01/imagegallery-add-gallery.html
Source: https://www.websecurityinsights.my.id/2025/01/imagegallery-add-gallery.html
User: MaloyRoyOrko (UID 79572)
Submission: 15.01.2025 18:24 (1 year ago)
Moderation: 26.01.2025 16:42 (11 days later)
Status: accepted
VulDB entry: 293482 [needyamin image_gallery 1.0 Cover Image /admin/gallery.php image privilege escalation]
Points: 20
