0day - e107 Plugins PPGallery - Multiple Vulnerabilities
Oleh
chmood
http://e107.org/e107_plugins/bugtrack/bugtrack.php?
action=show&id=5401&cat=all&res=all&status=all&flag=off&ver=
action=show&id=5401&cat=all&res=all&status=all&flag=off&ver=
== SQL Injection ==
http://e107/e107_plugins/ppgallery/add_image.php?id=%inject_here%
http://e107/e107_plugins/ppgallery/edit_image.php?id=%inject_here%
http://e107/e107_plugins/ppgallery/delete.php?id=%inject_here%
http://e107/e107_plugins/ppgallery/edit_gallery.php?id=%inject_here%
if (isset($_GET['id'])) {$id=$_GET['id'];}
if (isset($_POST['id'])) {$id=$_POST['id'];}
add_image.php
$gallery=mysql_query("SELECT * FROM ".MPREFIX."ppgallery_gallerys WHERE gallery='".$id."'");
== Arbitrary File Upload ==
http://e107/e107_plugins/ppgallery/add_image.php?id=1
http://e107/e107_plugins/ppgallery/edit_image.php?id=1
http://localhost/e107_1.0.4_full/e107_plugins/ppgallery/ch_new.php
== No Authentication Required ==
Category
Komentar