
X3 Photo Gallery Support Forums

 
mrzayas
Topic Author
Posts: 4
Joined: 15 Dec 2007, 02:13

Multiple Remote Vulnerabilities

15 Dec 2007, 02:18

Hello,

I have seen your software and I can guarantee you that it has multiple vulnerabilities, from local file inclusions up to the possibility of execution of arbitrary commands on the server.

Regards
 
mjau-mjau
X3 Wizard
Posts: 14452
Joined: 30 Sep 2006, 03:37

17 Dec 2007, 04:52

Can you give me an example? Our demo gallery is waiting here: www.photo.gallery/imagevue/
 
mrzayas
Topic Author
Posts: 4
Joined: 15 Dec 2007, 02:13

PoC

31 Dec 2007, 10:05

Yes, no problem.

For the request to complete successfully, safe mode needs to be OFF.

https://www.photo.gallery/imagevue/pop.p ... 5&cached=1

I can provide you more PoCs by e-mail; exposing them in the forum can be dangerous.

Regards,
 
mrzayas
Topic Author
Posts: 4
Joined: 15 Dec 2007, 02:13

SWF

31 Dec 2007, 10:12

The file "admin.swf" is not encrypted; it can be modified to bypass admin restrictions easily.
 
mjau-mjau
X3 Wizard
Posts: 14452
Joined: 30 Sep 2006, 03:37

Re: SWF

05 Jan 2008, 01:59

I can't see any vulnerability in the link you gave me.
mrzayas wrote: The file "admin.swf" is not encrypted; it can be modified to bypass admin restrictions easily.
Sorry, but I think you don't know what you're talking about here. The file admin.swf, encrypted or not, does not have any further permissions to run any of the scripts than simply running the scripts through the URL.
 
Nick
Imagevue Hitman
Posts: 2872
Joined: 02 May 2006, 09:13

05 Jan 2008, 06:33

I agree that some unclean code exists in this version, but despite admin.swf not being encrypted you will still need the admin password to do anything admin related. And while it allows paths like ../.. sometimes it doesn't list file contents even without safe_mode or open_basedir in effect. The new version will be more restrictive.
firedev.com
 
mrzayas
Topic Author
Posts: 4
Joined: 15 Dec 2007, 02:13

Understanding

19 Jan 2008, 10:49

I was not referring to capturing the credentials of the administrator, but to the fact that the published file badly might supplant the administrator's functions, so do not tell me that I do not know what I am speaking about.

Regards,
 
mjau-mjau
X3 Wizard
Posts: 14452
Joined: 30 Sep 2006, 03:37

Re: Understanding

20 Jan 2008, 23:00

mrzayas wrote: I was not referring to capturing the credentials of the administrator, but to the fact that the published file badly might supplant the administrator's functions, so do not tell me that I do not know what I am speaking about.
The "administrator's functions" do not run without the admin password. Ex.:

somescript.php?password=******

Unless the password is given, the script will not execute.