CVE-2006-1128

Gallery 2 up to 2.0.2 - Directory Traversal via Session Cookie

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1128.

AI-analyzed exploit summary: This is a detailed technical analysis of multiple vulnerabilities in Gallery 2, including IP spoofing via X_FORWARDED_FOR, script injection, and arbitrary file access due to improper session handling. It includes code snippets and root cause analysis but does not contain functional exploit code.

Description

Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by supplying a crafted session identifier in the session cookie. The cookie value is used to construct a file path before it is sanitized, so a value containing traversal sequences escapes the session storage directory and the subsequent file operations act on attacker-chosen paths.
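The pattern behind this bug, shown as an added illustration rather than Gallery 2's own GallerySession.class code. The session directory, the session id format (32 lowercase hex characters), the function names and the sample cookie values are all assumptions made for the demo; the point is the ordering: the vulnerable function builds a path from the raw cookie value, the hardened one validates first and only then touches a path.

```php
<?php
// Added illustration of the bug class in CVE-2006-1128. This is NOT
// Gallery 2's GallerySession.class code; the directory, the session id
// format and the function names are assumptions for the demo.
declare(strict_types=1);

const SESSION_DIR = '/var/www/g2data/sessions';   // assumed location

// Vulnerable pattern: the raw cookie value becomes part of a path before
// any validation, so "../" sequences walk out of SESSION_DIR. Any later
// read or unlink on this path then acts on the attacker's chosen file.
function sessionFileUnsafe(string $cookieId): string
{
    return SESSION_DIR . '/' . $cookieId;
}

// Hardened pattern: validate first, build the path second.
// Assumes session ids are exactly 32 lowercase hex characters; anything
// else (slashes, dots, NUL bytes, empty string) is rejected outright.
function sessionFileSafe(string $cookieId): ?string
{
    if (preg_match('/\A[a-f0-9]{32}\z/', $cookieId) !== 1) {
        return null;
    }
    $path = SESSION_DIR . '/' . $cookieId;
    // Defence in depth: the parent of the final path must still be
    // SESSION_DIR itself. Pure string check, so it needs no filesystem.
    if (dirname($path) !== SESSION_DIR) {
        return null;
    }
    return $path;
}

// Constructed sample cookie values, not captured traffic.
$samples = [
    'legit'     => '0123456789abcdef0123456789abcdef',
    'traversal' => '../../../../etc/passwd',
    'nul byte'  => "../config.php\0",
];

foreach ($samples as $label => $cookieId) {
    // Make an embedded NUL visible when printing.
    $unsafe = str_replace("\0", '\\0', sessionFileUnsafe($cookieId));
    $safe   = sessionFileSafe($cookieId) ?? 'REJECTED';
    printf("%-9s unsafe=%s safe=%s\n", $label, $unsafe, $safe);
}
```

Run it with `php demo.php`: the legitimate id yields the same path from both functions, while the traversal and NUL-byte values produce a path outside the session directory from the unsafe function and are rejected by the safe one. A validation step placed after the path is built, as the description of this CVE implies happened in the affected versions, would not have stopped the unsafe path from being constructed and used first.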

Exploits (1)

exploitdb · writeup · webapps / php
https://www.exploit-db.com/exploits/43837

Classification: Writeup (100%)
Attack Type: Other
Complexity: Moderate
Reliability: Theoretical
Target: Gallery 2 <= 2.0.2
No auth needed
Prerequisites: Access to the target web application · Ability to send crafted HTTP headers
Analyzed by devstral-2 on Feb 19, 2026

References (9)

Core References
http://gallery.menalto.com/gallery_2.0.3_released [Various Sources; x_refsource_confirm]
https://exchange.xforce.ibmcloud.com/vulnerabilities/25118 [Third Party Advisory, VDB Entry; vdb-entry x_refsource_xf]
http://www.osvdb.org/23597 [Third Party Advisory, VDB Entry; vdb-entry x_refsource_osvdb]
http://www.securityfocus.com/bid/16948 [Third Party Advisory, VDB Entry; vdb-entry x_refsource_bid]
http://www.vupen.com/english/advisories/2006/0813 [Third Party Advisory; vdb-entry x_refsource_vupen]
http://archives.neohapsis.com/archives/bugtraq/2006-02/0621.html [Third Party Advisory; mailing-list x_refsource_bugtraq]
http://secunia.com/advisories/19104 [Patch, Vendor Advisory; third-party-advisory x_refsource_secunia]
http://securitytracker.com/id?1015717 [Patch; vdb-entry x_refsource_sectrack]

Scores

EPSS: 0.0392 (percentile 89.0%)

Details

Status published
Products (11)
gallery_project/gallery 2.0
gallery_project/gallery 2.0.1
gallery_project/gallery 2.0.2
gallery_project/gallery 2.0_alpha
gallery_project/gallery 2.0_alpha1
gallery_project/gallery 2.0_alpha2
gallery_project/gallery 2.0_alpha3
gallery_project/gallery 2.0_alpha4
gallery_project/gallery 2.0_beta1
gallery_project/gallery 2.0_beta2
... and 1 more
Published Mar 09, 2006
Tracked Since Feb 18, 2026