Image_Gallery | Add Gallery- admin/gallery.php | Unrestricted File Upload | Found By Maloy Roy Orko

Hi All, 

I am Maloy Roy Orko.

Recently, during one of my pentest research sessions, I found Image_Gallery by Needyamin, an open source image gallery management system built with PHP, MySQL and JavaScript.

Curious to explore its functionalities, I downloaded it and set it up on my local system.

After fiddling with the source code, I found that the file admin/gallery.php did not have any kind of file extension or upload protection.

It can lead to:

  1. Malware Distribution
  2. Remote Code Execution (RCE)
  3. Data Breach
  4. Denial of Service (DoS)
  5. Web Shell Installation
  6. Bypassing Security Controls
  7. Reputation Damage

The main thing is, if any non-IT person uses this template, he will fall into this vulnerability and his company's reputation can be lost too. That's why I am trying to inform everyone about this.

  • Title of the Vulnerability: Image_Gallery | Add Gallery- admin/gallery.php | Unrestricted File Upload | Found By Maloy Roy Orko
  • Vulnerability Class: Unrestricted File Upload 
  • Product Name: Image_Gallery 
  • Vendor: https://github.com/needyamin/
  • Vulnerable Product Link: https://github.com/needyamin/image_gallery/
  • Technical Details & Description: The application source code is written in a way which allows Unrestricted File Upload. It can lead to:
  1. Malware Distribution
  2. Remote Code Execution (RCE)
  3. Data Breach
  4. Denial of Service (DoS)
  5. Web Shell Installation
  6. Bypassing Security Controls
  7. Reputation Damage
  • Product & Service Introduction: Image_Gallery
  • Observation & Exploitation: 
Note: We will need admin panel access to exploit this file upload 👏 But don't think that I am not giving the way to exploit it. I have the way 😁

I already published the way to take over admin via Cross Site Scripting, which is also a CVE. You can read the CVE reference here, which tells how to get into the admin panel:

Link:

https://www.websecurityinsights.my.id/2025/01/imagegallery-viewphpusername-cross-site.html


Let's see the source code. File: admin/gallery.php

  • It shows no protection against Unrestricted File Upload.
  • So, we don't even need any bypass 😉
  • So upload a shell and then deface the system 😏😎
  • For this, we need to create a gallery and upload the shell as the cover image here:
http://192.168.0.100:8080/ima/admin/gallery.php 

> Click Add Gallery


  • So, let's upload shell.php there.

  • You can see that there is no defense or filter against Unrestricted File Upload. The file gets uploaded normally and then we can access shell.php here:
  • http://192.168.0.100:8080/ima/models/hacker/shell.php


  • So, we found an Unrestricted File Upload vulnerability & shell upload is done too 🤝
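From the defender's side, the root cause is that admin/gallery.php writes whatever the admin form submits straight into a web-served directory. The following is an added example, not code from the Image_Gallery project, of how a cover-image upload handler can be hardened: extension allowlist, content sniffing with finfo, a real image decode check, a server-generated random filename, and a non-executable storage directory. The POST field name `cover` and the `uploads/covers` directory are assumptions for the example.

```php
<?php
// Added example (not from the Image_Gallery project): a hardened cover-image
// upload handler. The field name "cover" and the target directory are assumed.

declare(strict_types=1);

// Only the image types the gallery actually needs, mapped to the MIME type
// the file content must really have.
const ALLOWED_TYPES = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
    'webp' => 'image/webp',
];
const MAX_BYTES = 5 * 1024 * 1024; // 5 MiB upper bound per cover image

/**
 * Validate one entry of $_FILES and return a safe, server-chosen filename.
 * Throws RuntimeException on any validation failure.
 */
function validate_cover_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed with error code ' . $file['error']);
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }

    // The client-supplied name is used only to look up the extension in the
    // allowlist; it never reaches the filesystem. A name like shell.php or
    // shell.php.jpg.php therefore fails here.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        throw new RuntimeException('Extension not allowed');
    }

    // Sniff the actual bytes instead of trusting $file['type'], which is
    // also attacker-controlled.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        throw new RuntimeException("Content type $mime does not match .$ext");
    }

    // Require the file to decode as an image as a second, independent check.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Not a valid image');
    }

    // Random server-generated name: no user input in the stored path.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

/**
 * Store a validated upload in $uploadDir. That directory should have script
 * execution disabled in the web server (or live outside the document root),
 * so that even a polyglot image that passes the checks is only ever served
 * as static data.
 */
function store_cover_upload(array $file, string $uploadDir): string
{
    $safeName = validate_cover_upload($file);
    $dest     = rtrim($uploadDir, '/') . '/' . $safeName;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not move uploaded file');
    }
    chmod($dest, 0644); // readable by the web server, never executable
    return $safeName;
}

// Usage in the "Add Gallery" form handler (field name "cover" is assumed).
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['cover'])) {
    try {
        $stored = store_cover_upload($_FILES['cover'], __DIR__ . '/../uploads/covers');
        echo 'Stored as ' . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Rejected: ' . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```

The checks are layered on purpose: the allowlist alone would still accept a renamed script, the MIME sniff alone can be fooled by a crafted header, and the decode check alone accepts an image with a script appended. The random filename plus a storage directory where the server never runs PHP means that even a file which passes all three is served back as bytes, not executed, which is the property admin/gallery.php currently lacks.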

Video POC:



Conclusion:

The main aim of this article is to show that if any non-IT person uses this template, he will fall into this vulnerability and his company's reputation can be lost too. But I also hope that it helps to give you ideas of how combining attacks can make them much more potent.
