ID CVE-2006-1480
Summary Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote attackers to include arbitrary files and execute commands by (1) injecting code into local log files via GET commands, then (2) accessing that log via a .. (dot dot) sequence and a trailing null (%00) byte in the skin2 COOKIE parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:duda:webalbum:2.02
    cpe:2.3:a:duda:webalbum:2.02
CVSS
Base: 5.1 (as of 29-03-2006 - 09:51)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
description WebAlbum <= 2.02pl COOKIE[skin2] Remote Code Execution Exploit. CVE-2006-1480. Webapps exploit for php platform
file exploits/php/webapps/1608.php
id EDB-ID:1608
last seen 2016-01-31
modified 2006-03-25
platform php
port
published 2006-03-25
reporter rgod
source https://www.exploit-db.com/download/1608/
title WebAlbum <= 2.02pl - COOKIEskin2 Remote Code Execution Exploit
type webapps
nessus via4
NASL family CGI abuses
NASL id WEBALBUM_LOCAL_FILE_INCLUDE.NASL
description The remote host is running WEBalbum, a photo album application written in PHP. The installed version of WEBalbum fails to sanitize user input to the 'skin2' cookie in 'inc/inc_main.php' before using it to include arbitrary files. An unauthenticated attacker may be able to read arbitrary local files or include a local file that contains commands which will be executed on the remote host subject to the privileges of the web server process. This flaw is only exploitable if PHP's 'magic_quotes_gpc' is disabled.
last seen 2019-02-21
modified 2018-08-06
plugin id 21311
published 2006-05-03
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=21311
title WEBalbum skin2 Cookie Parameter Traversal Local File Inclusion
refmap via4
bid 17228
exploit-db 1608
osvdb 24160
secunia 19400
vupen ADV-2006-1108
xf webalbum-skin2-parameter-file-include(25443)
Last major update 07-03-2011 - 21:33
Published 28-03-2006 - 20:06
Last modified 18-10-2017 - 21:29
Back to Top