This exploit demonstrates a Local File Inclusion (LFI) vulnerability in StaMPi's fotogalerie.php by injecting a path traversal sequence to access /etc/passwd. The null byte (%00) is used to terminate the string and bypass basic input validation.
Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:StaMPi (version unspecified)
No auth needed
Prerequisites:Target must have fotogalerie.php accessible · File read permissions for the web server user