DynaWeb Developers MMS Gallery 'id'目录遍历漏洞

DynaWeb Developers MMS Gallery是一款基于PHP的WEB应用程序。 DynaWeb Developers MMS Gallery不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB权限查看系统文件内容。 问题是由于脚本对用户提交的'id'参数缺少过滤，提交包含多个"../"字符作为参数数据，可绕过WEB ROOT限制，以WEB权限查看系统文件内容。 DynaWeb Developers MMS Gallery 1.0 目前没有解决方案提供： http://www.mms2web.com/index.php...

MMS Gallery PHP 1.0 (id) Remote File Disclosure Vulnerability

No description provided by source. MMS Gallery in PHP v1.0 id Remote File Disclosure Vulnerability D.Script : http://www.mms2web.com/mmsgalleryphp.zip POC : /mmstemplate/getimage.php?id=../../../../../../../../etc/passwd /mmstemplate/getfile.php?id=../../../../../../../../etc/passwd...

Directory traversal

Multiple directory traversal vulnerabilities in MMS Gallery PHP 1.0 allow remote attackers to read arbitrary files via a .. dot dot in the id parameter to 1 getimage.php or 2 getfile.php in mmstemplate/...

CVE-2007-6323

Multiple directory traversal vulnerabilities in MMS Gallery PHP 1.0 allow remote attackers to read arbitrary files via a .. dot dot in the id parameter to 1 getimage.php or 2 getfile.php in mmstemplate/...

CVE-2007-6323

The CVE-2007-6323 entry describes multiple directory traversal vulnerabilities in MMS Gallery PHP 1.0, allowing remote attackers to read arbitrary files via a .. sequence in the id parameter to get_image.php or get_file.php within the mms_template directory. Affected software is MMS Gallery PHP 1...

Mms Gallery PHP 1.0 - 'id' Remote File Disclosure

MMS Gallery in PHP v1.0 id Remote File Disclosure Vulnerability D.Script : http://www.mms2web.com/mmsgalleryphp.zip POC : /mmstemplate/getimage.php?id=../../../../../../../../etc/passwd /mmstemplate/getfile.php?id=../../../../../../../../etc/passwd milw0rm.com 2007-12-13...

Mms Gallery PHP 1.0 - id Remote File Disclosure

Mms Gallery PHP 1.0 - id Remote File Disclosure MMS Gallery in PHP v1.0 id Remote File Disclosure Vulnerability D.Script : http://www.mms2web.com/mmsgalleryphp.zip POC : /mmstemplate/getimage.php?id=../../../../../../../../etc/passwd /mmstemplate/getfile.php?id=../../../../../../../../etc/passwd...

mms-lfi.txt

MMS Gallery in PHP v1.0 id Remote File Disclosure Vulnerability D.Script : http://www.mms2web.com/mmsgalleryphp.zip POC : /mmstemplate/getimage.php?id=../../../../../../../../etc/passwd /mmstemplate/getfile.php?id=../../../../../../../../etc/passwd...

MMS Gallery PHP 1.0 (id) Remote File Disclosure Vulnerability

Exploit for unknown platform in category web applications ============================================================= MMS Gallery PHP 1.0 id Remote File Disclosure Vulnerability ============================================================= MMS Gallery in PHP v1.0 id Remote File Disclosure...