
ezOnlineGallery Multiple Security Issues



MHL-2006-003 Public Advisory: "ezOnlineGallery" Multiple Security Issues



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MHL-2006-003 - Public Advisory

+-----------------------------------------------------------+
|         ezOnlineGallery Multiple Security Issues          |
+-----------------------------------------------------------+


PUBLISHED ON
  October 26th, 2006


PUBLISHED AT
http://www.mayhemiclabs.com/advisories/MHL-2006-003.txt 
http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006003 


PUBLISHED BY
  Mayhemic Labs
http://www.mayhemiclabs.com 

  security AT mayhemiclabs DOT com
  GPG key: 0x56143F84


APPLICATION
  ezOnlineGallery
http://www.ezonlinegallery.com/ 



AFFECTED VERSIONS
  Versions 1.3 and below


ISSUES
	ezOnlineGallery allows disclosure of certain data about
	the system it is installed on.
	
	1) Valid Path Disclosures
	By editing the album variable when the "show_album"
	action is called on ezgallery.php, an attacker can verify
	the existence of any directory on a system. The system
	will attempt to display an album if the path is valid,
	and will return an error if the path is invalid.
	
	EXAMPLE:
	ezgallery.php?action=show_album&album=../../../../../etc/
	
	2) File Disclosure
	By editing both the album and image variables on image.php,
	an attacker can view any JPG, BMP, or PNG that the Apache
	process has read access to.
	
	EXAMPLE:
	image.php?album=../../home/jrluser/girlfriendpics&image=nude.jpg
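
One way to close both issues above, shown as an added example that is not ezOnlineGallery's code or the vendor's 1.3.2 Beta fix: canonicalize the requested path, require it to stay below the gallery root, and answer every failure identically. GALLERY_ROOT, IMAGE_EXTENSIONS and resolve_gallery_path() are hypothetical names, and the root path is an assumption.

```php
<?php
// Added example, not ezOnlineGallery code. GALLERY_ROOT is an assumed path.
const GALLERY_ROOT = '/var/www/gallery/albums';
const IMAGE_EXTENSIONS = ['jpg', 'jpeg', 'bmp', 'png'];

// Map a requested album (and optional image) to a real path below
// GALLERY_ROOT. Returns null otherwise, so a missing path and an existing
// path outside the root are indistinguishable to the caller.
function resolve_gallery_path(string $album, ?string $image = null): ?string
{
    $root = realpath(GALLERY_ROOT);
    // Reject NUL bytes before touching the filesystem.
    if ($root === false || strpos($album . (string) $image, "\0") !== false) {
        return null;
    }
    $candidate = $root . DIRECTORY_SEPARATOR . $album;
    if ($image !== null) {
        // basename() drops any directory part placed in the image name.
        $candidate .= DIRECTORY_SEPARATOR . basename($image);
    }
    // realpath() collapses ../ sequences and resolves symlinks.
    $real = realpath($candidate);
    // The canonical path must sit strictly below the gallery root.
    if ($real === false
        || strncmp($real, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    if ($image === null) {
        return is_dir($real) ? $real : null;
    }
    $ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
    return (is_file($real) && in_array($ext, IMAGE_EXTENSIONS, true)) ? $real : null;
}

// Caller: array-valued parameters are refused, and every failure gets the
// same response so the reply cannot confirm that a directory exists.
$album = $_GET['album'] ?? '';
$image = $_GET['image'] ?? null;
$path = (is_string($album) && ($image === null || is_string($image)))
    ? resolve_gallery_path($album, $image)
    : null;
if ($path === null) {
    http_response_code(404);
    exit('Not found');
}
// $path is now safe to list (album) or stream (image).
```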

WORKAROUNDS
	None at this time

SOLUTIONS
	Upgrade to 1.3.2 Beta


REFERENCES
ezOnlineGallery - http://www.ezonlinegallery.com/ 


TIMELINE
	October 26th, 2006
		Vendor/Developer Notified
		Vendor/Developer Fixes Issues
		Public Release

				
ADDITIONAL CREDIT
  N/A

LICENSE
  Creative Commons Attribution-ShareAlike License
http://creativecommons.org/licenses/by-sa/2.5 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org 

iD8DBQFFQWG1zjnMaVYUP4QRAmn5AKCggkwoeoEwskcExkJtNnwWC4UBkQCgjetQ
1bjFMzRtPuveUAU6a0+ZaWg=yUPA
-----END PGP SIGNATURE-----
