CVE-2009-1911

TinyWebGallery <= 1.7.6 - Remote File Inclusion via Lang Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1911. PoCs published by EgiX.

AI-analyzed exploit summary This exploit targets a Local File Inclusion (LFI) vulnerability in TinyWebGallery <= 1.7.6, which can lead to Remote Code Execution (RCE) by injecting malicious PHP code into a log file and including it via the 'lang' parameter. The exploit checks for 'magic_quotes_gpc = off' and provides an interactive shell upon successful exploitation.

Description

Directory traversal vulnerability in .include/init.php (aka admin/_include/init.php) in QuiXplorer 2.3.2 and earlier, as used in TinyWebGallery (TWG) 1.7.6 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to admin/index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by EgiX · phpwebappsphp

https://www.exploit-db.com/exploits/8649

View Code ZIP pw:eip

This exploit targets a Local File Inclusion (LFI) vulnerability in TinyWebGallery <= 1.7.6, which can lead to Remote Code Execution (RCE) by injecting malicious PHP code into a log file and including it via the 'lang' parameter. The exploit checks for 'magic_quotes_gpc = off' and provides an interactive shell upon successful exploitation.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: TinyWebGallery <= 1.7.6

No auth needed

Prerequisites: magic_quotes_gpc = off · access to the admin login page

MITRE ATT&CK