Vendor: Phpforum, http://www.phpforums.net/ Product: McGallery v 1.1 Vulnerability: files reading on disk Consequences: Web server paths are opened Risk: High Description: Attacker can form the query in URL form ang get the access to the system files Example: thttp://example.com/mcgallery/admin.php?lang=../../../../../../etc/passwd Discoveried By D_BuG d_bug@bk.ru NemesisSecurityTeam http://nemesisoftware.com/ CheckZond free v. 1.0 http://nemesisoftware.com/products.htm uses the vulnerabilities above for automatic vulnerabilities search (Google Hacking technique) and usage. -- Best regards, D_BuG mailto:d_bug@bk.ru