
Blue Collar Productions iGallery 4.1 Plus File Download

04 Jun 2009 | Reported by Stefano Angaran | Type: packetstorm | Source: packetstormsecurity.com


Code
`Vendor Notified: 05/25/2009  
  
Vulnerability Details:  
-------------------------------------------  
Blue Collar Productions iGallery 4.1 Plus (  
http://www.b-cp.com/igallery/default.asp ) is a commercial photo gallery  
script written in Classic ASP. A free version, named iGallery 3.4, also  
exists. The file streamfile.asp suffers from an Arbitrary File Download  
vulnerability due to missing input validation on the "i" and "f"  
parameters; in particular, no validation is done on path traversal patterns.  
  
Systems Affected:  
-------------------------------------------  
iGallery 4.1 Plus and iGallery 3.4 were tested and shown to be vulnerable.  
  
Impact:  
-------------------------------------------  
Through this vulnerability, remote and unauthenticated users could  
download any file accessible by the web server. By reading source files,  
a malicious user could obtain important information such as database  
passwords.  
  
Mitigation Factors:  
-------------------------------------------  
New IIS installations are often configured to deny requests with ../ in  
the query string. Unfortunately, the injection can also come from POST  
parameters.  
  
PoC:  
-------------------------------------------  
http://www.example.com/igallery41/streamfile.asp?i=./../../../index.asp&f=subdir  
  
  
Vendor Response:  
-------------------------------------------  
  
None as of 06/03/2009  
  
---  
  
Stefano Angaran  
http://www.upyou.it  
http://blog.upyou.it  
  
`
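
Because a URL filter on `../` never sees POST bodies, the check has to sit where the "i" and "f" values are turned into a file path. The sketch below is an added example, not the vendor's code and not part of the original advisory. It assumes the script serves `root\f\i`; `GALLERY_ROOT`, `ALLOWED_EXT` and `resolve_download` are hypothetical names, and Python's `ntpath` is used to model Windows path rules on any host.

```python
import ntpath  # Windows path semantics (IIS host), importable on any OS
from urllib.parse import unquote

GALLERY_ROOT = r"C:\inetpub\wwwroot\igallery41\gallery"  # assumed location
ALLOWED_EXT = {".jpg", ".jpeg", ".gif", ".png"}          # assumed allow-list


def resolve_download(i, f, root=GALLERY_ROOT):
    """Return the canonical path for folder `f` and file `i`, or None if rejected.

    Assumption: the script serves root\\f\\i. The check is the same whether the
    values arrived in the query string or in a POST body.
    """
    # Decode repeatedly so double-encoded input (%252e%252e) is seen in final form.
    for _ in range(3):
        i, f = unquote(i), unquote(f)
    if "\x00" in i + f or ":" in i + f:
        return None                      # NUL truncation, drive letters, ::$DATA
    root_n = ntpath.normcase(ntpath.normpath(root))
    candidate = ntpath.normcase(ntpath.normpath(ntpath.join(root, f, i)))
    # Containment: the canonical result must still sit below the gallery root.
    if not candidate.startswith(root_n + "\\"):
        return None
    # Extension allow-list: never stream .asp, .mdb, .config and similar files.
    if ntpath.splitext(candidate)[1] not in ALLOWED_EXT:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed inputs: one legitimate request, then the advisory's PoC values.
    for i, f in [("photo1.jpg", "subdir"), ("./../../../index.asp", "subdir")]:
        print(repr(i), repr(f), "->", resolve_download(i, f))
```
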
