# Exploit Title: Pluck 4.7 multiple vulnerabilities
 
# Google Dork: Powered by pluck
 
# Date: 05/08/2011
 
# Author: Bl4k3
 
# Software Link: http://www.pluck-cms.org/?file=download
 
# Version: 4.7
 
# Tested on: Debian
 
# CVE : /
 
1-File Inclusion:
 
include(ALBUMS_DIR.'/'.$_GET['album'].'.php');
 
Require:
 
if (file_exists(ALBUMS_DIR.'/'.$_GET['album'].'.php')) {
function albums_pages_site() {
 
2-File Inclusion
 
include (ALBUMS_DIR.'/'.$album['seoname'].'.php');
foreach ($albums as $album) {
$albums  = albums_get_albums();
 
3-File Disclosure
 
echo readfile('../../settings/modules/albums/'.$image);
$image = $_GET['image'];
 
requires:
 
if (file_exists('../../settings/modules/albums/'.$image)) {
 
And a lot of low vulnerabilities!!
 
 
Bl4k3 HardC0de