Impressive analysis of gallery exploit

This is interesting - the initial entry point seems to be a poorly initialised variable in the gallery/geeklog libs or something, but from there on things get incredibly complex. The end result is the compromised machine (which was only running Apache) being used as a spam-sending box.

http://www.securityfocus.com/guest/24043