Multiple Remote Vulnerabilities

Posted: 15 Dec 2007, 02:18
by mrzayas
Hello,

I have seen your software and I can guarantee you that it has multiple vulnerabilities, from local file inclusions up to the possibility of executing arbitrary commands on the server.

Regards

Posted: 17 Dec 2007, 04:52
by mjau-mjau
Can you give me an example? Our demo gallery is waiting here: www.photo.gallery/imagevue/

PoC

Posted: 31 Dec 2007, 10:05
by mrzayas
Yes, no problem.

For the request to complete successfully, safe mode needs to be OFF.

https://www.photo.gallery/imagevue/pop.p ... 5&cached=1

I can provide you more PoCs by e-mail; exposing them in the forum can be dangerous.

Regards,

SWF

Posted: 31 Dec 2007, 10:12
by mrzayas
The file "admin.swf" is not encrypted; it can be modified to bypass admin restrictions easily.

Re: SWF

Posted: 05 Jan 2008, 01:59
by mjau-mjau
I can't see any vulnerability in the link you gave me.
mrzayas wrote: The file "admin.swf" is not encrypted; it can be modified to bypass admin restrictions easily.
Sorry, but I think you don't know what you're talking about here. The file admin.swf, encrypted or not, does not have any further permissions to run any of the scripts than simply running the scripts through the URL.

Posted: 05 Jan 2008, 06:33
by Nick
I agree that some unclean code exists in this version, but despite admin.swf not being encrypted you will still need the admin password to do anything admin related. And while it allows paths like ../.. sometimes it doesn't list file contents even without safe_mode or open_basedir in effect. The new version will be more restrictive.

Understanding

Posted: 19 Jan 2008, 10:49
by mrzayas
I was not referring to capturing the credentials of the administrator, but, to that the published file badly might supplant administrator's functions, so you me do not avenge that do not be what I am speaking.

Regards,

Re: Understanding

Posted: 20 Jan 2008, 23:00
by mjau-mjau
mrzayas wrote:I was not referring to capturing the credentials of the administrator, but, to that the published file badly might supplant administrator's functions, so you me do not avenge that do not be what I am speaking.
The "administrator's functions" do not run without the admin password. Ex.:

somescript.php?password=******

Unless the password is given, the script will not execute.
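
Added example, not part of the thread and not Imagevue's code: a PHP endpoint that enforces on the server the two checks the replies above rely on, the admin password on every request regardless of what the client SWF does, and confinement of `../..` style paths to the gallery root. The constants, the `password` and `path` parameter names and the hash placeholder are assumptions.

```php
<?php
// Added illustration; not Imagevue code. GALLERY_ROOT, ADMIN_HASH and the
// 'password' / 'path' parameter names are assumptions made for this example.
declare(strict_types=1);

const GALLERY_ROOT = '/var/www/gallery/content'; // assumed content root
// Placeholder: store the output of password_hash($password, PASSWORD_DEFAULT) here.
const ADMIN_HASH = '$2y$10$REPLACE_WITH_OUTPUT_OF_password_hash';

// The check lives on the server, so a modified client file gains nothing.
// The password is read from the POST body so it stays out of access logs.
function isAdmin(array $post): bool
{
    $given = $post['password'] ?? '';
    return is_string($given) && password_verify($given, ADMIN_HASH);
}

// Resolve symlinks and ".." first, then require the result to stay under $root.
function resolveInsideRoot(string $requested, string $root): ?string
{
    $rootReal = realpath($root);
    $real = realpath($root . DIRECTORY_SEPARATOR . $requested);
    if ($rootReal === false || $real === false) {
        return null; // nonexistent root or target
    }
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($real !== $rootReal && strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null; // e.g. "../../etc" resolves outside the gallery root
    }
    return $real;
}

if (!isAdmin($_POST)) {
    http_response_code(403);
    exit('Forbidden');
}

$path = $_POST['path'] ?? '';
$dir = is_string($path) ? resolveInsideRoot($path, GALLERY_ROOT) : null;
if ($dir === null || !is_dir($dir)) {
    http_response_code(400);
    exit('Invalid path');
}

$entries = scandir($dir) ?: [];
header('Content-Type: application/json');
echo json_encode(array_values(array_diff($entries, ['.', '..'])));
```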