singapore Image Gallery thumb.php Traversal Arbitrary File Download

2004-12-16T05:07:43
ID OSVDB:12569
Type osvdb
Reporter Tan Chew Keong(chewkeong@security.org.sg)
Modified 2004-12-16T05:07:43

Description

Vulnerability Description

singapore Image Gallery contains a flaw that allows a remote attacker to download arbitrary files. The issue is due to the showThumb() function of the 'thumb.php' script not properly sanitizing user input, specifically traversal-style sequences (..\ or /.../), which allows a remote attacker to download arbitrary files, resulting in a loss of confidentiality.

Solution Description

Upgrade to version 0.9.11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

singapore Image Gallery contains a flaw that allows a remote attacker to download arbitrary files. The issue is due to the showThumb() function of the 'thumb.php' script not properly sanitizing user input, specifically traversal-style sequences (..\ or /.../), which allows a remote attacker to download arbitrary files, resulting in a loss of confidentiality.

Manual Testing Notes

http://[victim]/thumb.php?gallery=../data/users.csv.php%00&image=a.jpg
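The manual-testing URL above combines a '..' segment with a %00 byte. As an added illustration (not code from the singapore project), the following Python shows the input checks a thumbnail handler needs before touching the filesystem, and classifies request URLs the way a log reviewer would; the gallery root path is an assumption.

```python
import os
from urllib.parse import parse_qs, urlsplit

# Assumed gallery root for this example; the real install path is not on the page.
BASE_DIR = os.path.realpath(os.path.join(os.sep, "var", "www", "singapore", "galleries"))


def _clean_segments(name: str, value: str) -> list:
    """Split one request parameter into path segments, rejecting hostile input."""
    if "\x00" in value:
        # A NUL byte truncates the path inside the C runtime, dropping any
        # extension the script appends; never let it reach a filesystem call.
        raise ValueError(f"{name}: NUL byte in parameter")
    if value == "":
        return []  # an empty gallery means the root of BASE_DIR
    # Treat '..\' exactly like '../' so a backslash separator cannot slip past.
    segments = value.replace("\\", "/").split("/")
    if any(seg in ("", ".", "..") for seg in segments):
        raise ValueError(f"{name}: empty, '.', '..' or absolute path segment")
    return segments


def safe_thumb_path(gallery: str, image: str, base_dir: str = BASE_DIR) -> str:
    """Resolve gallery/image to a file under base_dir, or raise ValueError.

    The segment checks stop the traversal; the commonpath check is an
    independent second guard in case normalisation ever surprises us.
    """
    if not image:
        raise ValueError("image: parameter required")
    segments = _clean_segments("gallery", gallery) + _clean_segments("image", image)
    full = os.path.realpath(os.path.join(base_dir, *segments))
    if os.path.commonpath([base_dir, full]) != base_dir:
        raise ValueError("resolved path escapes the gallery root")
    return full


def classify_request(url: str) -> str:
    """Label a thumb.php request 'ok' or 'blocked'; handy when reviewing access logs."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    gallery = params.get("gallery", [""])[0]
    image = params.get("image", [""])[0]
    try:
        safe_thumb_path(gallery, image)
        return "ok"
    except ValueError:
        return "blocked"


if __name__ == "__main__":
    # Constructed samples: the advisory's test URL (minus the host) and a benign request.
    for u in ("http://host/thumb.php?gallery=../data/users.csv.php%00&image=a.jpg",
              "http://host/thumb.php?gallery=holiday&image=a.jpg"):
        print(u, "->", classify_request(u))
```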

References:

Vendor URL: http://singapore.sourceforge.net/
Vendor Specific News/Changelog Entry: http://sourceforge.net/project/showfiles.php?group_id=77687
Security Tracker: 1012567
Related OSVDB ID: 12570
Related OSVDB ID: 12572
Related OSVDB ID: 12571
Related OSVDB ID: 12573
Other Advisory URL: http://www.security.org.sg/vuln/singapore0910.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-12/0211.html
ISS X-Force ID: 18528
CVE-2004-1407
Bugtraq ID: 11990