Network Security: Detailed info on Vulnerability in MG2 php based Image Gallery

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Bugtraq

Subject:	Vulnerability in MG2 php based Image Gallery - bypass security, view password protected images
Date:	28 Oct 2005 23:39:08 -0000

Subject:

Vulnerability in MG2 php based Image Gallery - bypass security, view password protected images

Date:

28 Oct 2005 23:39:08 -0000

The MG2 Image Gallery system has the ability to make create online galleries. Even password protected once. By manipulating url from a gallery, you are able to list out all pictures in every gallery. Even though they are inside a password protected folder. Sample manipulation could be: www.yoursite.com/mg2/index.php?list=*&page=all The "*" replaces the album number, showing every album. The "all" command is an option programmed in the system to view all pictures within a SINGLE gallery. Those two combined, will expose any password protected images. The system can be downloaded from: http://www.minigal.dk/ Please credit find to: Preben Nylokken

<Prev in Thread]	Current Thread	[Next in Thread>
Vulnerability in MG2 php based Image Gallery - bypass security, view password protected images, preben <=

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through, mgotts
Next by Date:	Re: Remote File Inclusion in forum PunBB, arpen
Previous by Thread:	Remote MySQL User on Cpanel Default installation with blank password, sup3r_linux
Next by Thread:	Mirabilis ICQ 2003a Buffer Overflow Download Shellcoded Exploit, atmaca
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through, mgotts

Next by Date:

Re: Remote File Inclusion in forum PunBB, arpen

Previous by Thread:

Remote MySQL User on Cpanel Default installation with blank password, sup3r_linux

Next by Thread:

Mirabilis ICQ 2003a Buffer Overflow Download Shellcoded Exploit, atmaca

Indexes:

[Date] [Thread] [Top] [All Lists]