
ImageFolio Pro weak access control for administration area, path disclosure, and more
14th Jun 2002 [SBWID-5447]



	 V2.2 Professional Edition (UNIX)

	 (Maybe others)



	[LoWNOISE] ET found the following:

	ImageFolio is a multi-platform, server-based, software product suite
	that fully automates the process of viewing, publishing, maintaining,
	distributing, archiving, and marketing Web-based multimedia gallery.
	ImageFolio supports all media types, including images, video, and
	sound.


	 Weak access control for administration area



	Let's say you are doing a PEN-TEST and you find that the target is running
	ImageFolio Pro v2.2, so you go directly to the admin area.





	You need to authenticate, and you try the default (Admin/ImageFolio) and

	Don't worry. Go to:





	Create your own account, log in again, and you are in.


	 No validation of uploaded files



	Depending on the web server configuration, you can upload some cool
	files (php, cgi, pl) using the administration area. Then you can refer
	directly to the file. ImageFolio doesn't validate the uploaded file
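
	The server-side check whose absence is described above, written as an added Python example; it is not ImageFolio's code or part of the original advisory. The image-only allowlist, the script-extension list and the name validate_upload are assumptions made for illustration.

```python
import os
import re

# Assumed allowlist: image types only, each with its leading magic bytes.
ALLOWED = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Assumed list of extensions a web server may map to a script handler.
SCRIPT_EXTS = {".php", ".cgi", ".pl", ".py", ".sh", ".phtml", ".shtml"}
# Must start with a letter or digit, so dotfiles such as .htaccess fail.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,99}$")


def validate_upload(filename: str, data: bytes):
    """Return (ok, reason) for an uploaded file name and its content."""
    # Refuse any client-supplied directory part (both separator styles).
    name = os.path.basename(filename.replace("\\", "/"))
    if name != filename or not SAFE_NAME.match(name):
        return False, "unsafe file name"
    exts = ["." + p for p in name.lower().split(".")[1:]]
    if not exts:
        return False, "missing extension"
    # Reject a script extension anywhere in the name: "x.php.jpg" can still
    # reach the PHP handler on servers that honour every extension.
    if any(e in SCRIPT_EXTS for e in exts):
        return False, "script extension"
    magics = ALLOWED.get(exts[-1])
    if magics is None:
        return False, "extension not allowed"
    # The content must begin with a signature of the claimed type.
    if not data.startswith(magics):
        return False, "content does not match extension"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample uploads, not taken from the advisory.
    samples = [
        ("cat.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8),
        ("shell.php", b"<?php ?>"),
        ("shell.php.jpg", b"\xff\xd8\xff\xe0"),
        ("cat.gif", b"#!/usr/bin/perl\n"),
    ]
    for fname, body in samples:
        print(fname, validate_upload(fname, body))
```

	A signature check does not stop files that are valid images and valid scripts at once, so the upload directory should also have script handlers disabled in the web server configuration.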


	 Encrypted Users passwords



	When you are inside the admin area you can modify users. In that option
	you can grab the Encrypted password so you can use your favorite

	There's no need to view the encrypted password, because ImageFolio uses
	a kind of session_id (uid).


	 Path Disclosure



	Go to create category and create this category:




	Reason: Permission denied. 



	                         (no comments..)






	If you want to generate some extra work for the web server..

	Generate some calls to http://target/cgi-bin/admin/nph-build.cgi and guess
	what. It isn't protected either.


	QUICKFIXES are just to FIX QUICK but nothing more!! Renaming
	setup.cgi isn't a complete solution, because other bugs exist out there
	that let someone learn its new name. SO IF YOU FOLLOWED THAT NICE INSTALLATION

	If you didn't rename it, RENAME IT and call ImageFolio for a PATCH =).


