2BGal 3.1.2 phpinfo() Disclosure Vuln

[o] 2BGal 3.1.2 phpinfo() Disclosure Vulnerability
Software : 2BGal version 3.1.2
Vendor : http://www.ben3w.com/
Download : http://www.ben3w.com/multimedia/devphp_2bgal.php

Author : NoGe


[o] Vulnerable file
admin/phpinfo.php
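
A defender-side check for the file named above, as an added example that is not part of the original advisory or of 2BGal's code: it walks a local web root and reports every PHP file that calls phpinfo(). The sample tree is constructed, and the function names and extension list are assumptions.

```python
import os
import re
import tempfile

PHP_EXTENSIONS = (".php", ".phtml", ".php5", ".inc")  # assumed extension list
# PHP function names are case-insensitive. The lookbehind skips method calls
# ($o->phpinfo(), Foo::phpinfo()) and longer names such as my_phpinfo().
PHPINFO_CALL = re.compile(r"(?<![\w$>:])phpinfo\s*\(", re.IGNORECASE)


def find_phpinfo_calls(webroot):
    """Return sorted (relative_path, line_number) pairs for every phpinfo() call.

    Deliberately conservative: a call inside a comment is still reported,
    so each hit needs a quick manual look.
    """
    findings = []
    for directory, _subdirs, files in os.walk(webroot):
        for name in files:
            if not name.lower().endswith(PHP_EXTENSIONS):
                continue
            path = os.path.join(directory, name)
            relative = os.path.relpath(path, webroot).replace(os.sep, "/")
            with open(path, encoding="utf-8", errors="replace") as handle:
                for number, line in enumerate(handle, start=1):
                    if PHPINFO_CALL.search(line):
                        findings.append((relative, number))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample install; the layout is an assumption, not 2BGal's real tree."""
    samples = {
        "admin/phpinfo.php": "<?php\nPHPINFO();\n?>\n",
        "index.php": "<?php echo my_phpinfo(1); $o->phpinfo(); ?>\n",
        "README.txt": "phpinfo() is mentioned here but this is not PHP\n",
    }
    for relative, body in samples.items():
        path = os.path.join(root, relative)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as handle:
            handle.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for relative, number in find_phpinfo_calls(root):
            print(f"{relative}:{number}: phpinfo() call, remove or restrict access")
```

Files it reports should be deleted from production or placed behind authentication.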


[o] Exploit
http://localhost/[path]/admin/phpinfo.php


[o] Proof Of Concept
http://www.montefiore.ulg.ac.be/ieee/2bgal/admin/phpinfo.php
http://www.tavakathamritam.net/gallery/admin/phpinfo.php
http://www.bfloortheatre.com/photo/admin/phpinfo.php
http://sunnysidealpacaranch.ca/album/admin/phpinfo.php


[o] Dork
"powered by 2bgal"

