This is a summary of the AI-generated 10-question deep analysis.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: EGallery 1.2 has a critical flaw in `uploadify.php`. It fails to verify file types or authentication.…
**Root Cause**: **CWE-434** (Unrestricted Upload of File with Dangerous Type).
**Flaw**: The script lacks validation for file extensions and ignores identity checks during upload.
Q3 Who is affected? (Versions/Components)
**Affected**: **EGallery** by EGallery Inc.
**Version**: Specifically **Version 1.2**.
**Component**: The `uploadify.php` script is the entry point.
Q4 What can hackers do? (Privileges/Data)
**Attacker Actions**:
1. Upload malicious scripts (e.g., PHP webshells).
2. Execute arbitrary code remotely.
3. Gain full control over the web server's environment.
Q5 Is exploitation threshold high? (Auth/Config)
**Threshold**: **LOW**.
**Auth**: No authentication required for the vulnerable upload function.
**Config**: Exploitable via standard HTTP requests to the upload endpoint.
Q6 Is there a public Exp? (PoC/Wild Exploitation)
**Public Exploit**: **YES**.
**Sources**: Metasploit module available (`egallery_upload_exec.rb`).
**Status**: Active exploitation tools exist (Exploit-DB #20029).
Q7 How to self-check? (Features/Scanning)
**Self-Check**:
1. Scan for `uploadify.php` in the root or upload directories.
2. Test file upload functionality without login.
3. Check if `.php` or `.exe` files are accepted without validation.
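
The filesystem side of the self-check above, as an added example that is not part of the original analysis or of EGallery: it walks a web root you administer, finds every `uploadify.php`, notes whether its source mentions a session or extension check, and lists script files sitting in upload directories. The regex markers, the upload directory names and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Heuristic markers, assumed for this sketch (not taken from EGallery's source):
# a handler that never touches the session and never inspects the extension
# fits the CWE-434 pattern described above.
AUTH_HINT = re.compile(r"session_start\s*\(|\$_SESSION\b", re.I)
EXT_HINT = re.compile(r"pathinfo\s*\(|PATHINFO_EXTENSION|in_array\s*\(", re.I)
SCRIPT_EXTS = {".php", ".phtml", ".php5", ".phar"}
UPLOAD_DIRS = {"upload", "uploads"}  # assumed directory names

def audit_webroot(root):
    """Return (handlers, stray_scripts) found under root."""
    handlers, stray = [], []
    for dirpath, _dirs, files in os.walk(root):
        parts = os.path.relpath(dirpath, root).lower().split(os.sep)
        in_upload_dir = any(p in UPLOAD_DIRS for p in parts)
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == "uploadify.php":
                with open(path, "r", errors="replace") as fh:
                    src = fh.read()
                handlers.append({"path": path,
                                 "auth_check": bool(AUTH_HINT.search(src)),
                                 "ext_check": bool(EXT_HINT.search(src))})
            elif in_upload_dir and os.path.splitext(name.lower())[1] in SCRIPT_EXTS:
                stray.append(path)
    return handlers, stray

def build_sample(root):
    """Constructed sample tree: one unchecked handler, one script in uploads/."""
    os.makedirs(os.path.join(root, "egallery", "uploads"))
    with open(os.path.join(root, "egallery", "uploadify.php"), "w") as fh:
        fh.write("<?php move_uploaded_file($_FILES['Filedata']['tmp_name'], $target); ?>")
    for name in ("photo.jpg", "x.php"):
        with open(os.path.join(root, "egallery", "uploads", name), "w") as fh:
            fh.write("constructed placeholder")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        handlers, stray = audit_webroot(tmp)
        for h in handlers:
            print(h)
        print("scripts in upload dirs:", stray)
```

A handler reported with both flags false, or any script file under an upload directory, is a lead for manual review rather than proof of compromise.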