# Exploit Title: Joomla component com_oziogallery2 / IMAGIN arbitrary file write# Date: 01-01-10# Author: Ubik and er# Software Link: oziogallery.joomla.it / imagin.ro# Version: all# Disclaimer : all the information in this document is provided "as is", for educational purposes only. The authors will not be responsible for any damage.
technical information
---------------------
We can find this obviously flawed code in/scripts_ralcr/filesystem/writeToFile.php:*************************
$file="../../".$_POST["path"];
$fh = fopen ($file,'w')or die("error::Can't open file for writing");
echo fwrite ($fh, stripslashes($_POST["raw_data"]));
fclose($fh);*************************
An attack can be easily performed by manipulating the parameters (path and raw_data).
Probably other php files in scripts_ralcr are coded without any care about security.
In Oziogallery the vulnerable files are located in/components/com_oziogallery2/imagin/scripts_ralcr/.
