bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/14203.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

68 lines
No EOL
2.3 KiB
Text
Raw Blame History

1 ########################################## 1
0 I'm L0rd CrusAd3r member from Inj3ct0r Team 1
1 ########################################## 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1
Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title: TCW PHP Album Multiple Vulnerability
Vendor url:http://tcwphpalbum.sourceforge.net/
Version:1
Published: 2010-07-4
Greetz to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat,
Sai, KD, M4n0j.
Special Greetz: Topsecure.net, inj3ct0r Team ,Andhrahackers.com
Shoutzz:- To all ICW members.
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Description:
TCW PHP Album is a set of PHP scripts that (using MySQL and the GD Library)
allow you to easily make online multimedia albums. With an intuitive
administrative panel you can quickly add albums, photos, themes, and change
site settings. It also has commenting, where people can post comments on
images and numerically rate pictures, as well as other features such as IP
restriction/banning. Recently added, you can also make automatic slideshows.
TCW PHP Album requires the following:
* PHP 4.1.2 or higher, --with-mysql
* The GD Image Library OR ImageMagick's Convert
* Minimum of PNG support for the above
* A MySQL database - tested with 3.2x
* TCW PHP Album is operating system independent. TCW PHP Album does not
support the GD Image library as it is lacking many features of convert, but
the option is available.
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Vulnerability:
*SQL Vulnerability
DEMO URL:
http://server/photos/index.php?album=[sqli]
*XSS Vulnerability
DEMO URL :
http://server/photos/index.php?album=[xss]
*URL Redirection Vulnerability
DEMO URL:
http://server/photos/index.php?album=[urlredirection]
*HTML Injection
DEMO URL:
http://server/photos/index.php?album=[html]
# 0day n0 m0re #
# L0rd CrusAd3r #
--
With R3gards,
L0rd CrusAd3r
Reference in a new issue View git blame Copy permalink