[40955] in bugtraq
Vulnerability in MG2 php based Image Gallery - bypass security,
daemon@ATHENA.MIT.EDU (preben@watchcom.no)
Sat Oct 29 20:32:10 2005
Date: 28 Oct 2005 23:39:08 -0000
Message-ID: <20051028233908.18707.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: preben@watchcom.no
To: bugtraq@securityfocus.com
The MG2 Image Gallery system has the ability to make create online galleries. Even password protected once.
By manipulating url from a gallery, you are able to list out all pictures in every gallery. Even though they are inside a password protected folder.
Sample manipulation could be:
www.yoursite.com/mg2/index.php?list=*&page=all
The "*" replaces the album number, showing every album.
The "all" command is an option programmed in the system to view all pictures within a SINGLE gallery.
Those two combined, will expose any password protected images.
The system can be downloaded from:
http://www.minigal.dk/
Please credit find to: Preben Nylokken
