This exploit demonstrates a Local File Inclusion (LFI) vulnerability in Galilery 1.0 by manipulating the 'd' parameter in the URL to traverse directories and access sensitive files like '/etc/passwd'. The vulnerability arises from unsanitized user input in the 'index.php' file.
Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:Galilery 1.0
No auth needed
Prerequisites:Target application must be accessible · Directory traversal sequences must not be filtered