Lucene search

K

freePHPgallery 0.6 Cookie Local File Inclusion Vulnerability

🗓️ 14 Feb 2008 00:00:00Reported by MhZ91Type 
zdt
 zdt
🔗 0day.today👁 11 Views

freePHPgallery 0.6 Cookie Local File Inclusion Vulnerability. No database required for gallery creatio

Show more
Code
============================================================
freePHPgallery 0.6 Cookie Local File Inclusion Vulnerability
============================================================




--==+================================================================================+==--
--==+		freePHPgallery 0.6 Cookie Local File Inclusion                       +==--
--==+================================================================================+==--

 Author: MhZ91
 Title: freePHPgallery 0.6 Cookie Local File Inclusion
 Download: http://sourceforge.net/projects/freephpgallery/
 Bug: Local File Inclusion
 Info: freePHPgallery is a easy-to-use free PHP picture gallery. Automatic creation of picture indexes with thumbnails, commenting function, selection of multiple languages. This software does not NOT require a database or other additional software.

[*]----------------------------------------------------------

freePHPgallery 0.6 present a local file inclusion in this file

index.php
comment.php
show.php

<?php

[...]

if($_COOKIE['lang']!="")
{if(file_exists("./lang/".$_COOKIE['lang'])){include ("./lang/".$_COOKIE['lang']);};}

[...]

?>

we can modify the cookie lang value whit a ../../../../ etc... and give a local file inclusion 


[*]----------------------------------------------------------



#  0day.today [2018-01-03]  #

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
14 Feb 2008 00:00Current
7.1High risk
Vulners AI Score7.1
11
.json
Report