Bugtraq mailing list archives

PhotoAlbum 0.9.9 explorer.php Vulnerability

From: pestilence <pestilence () SYNNERGY GR insecure org>
Date: Thu, 7 Sep 2000 02:38:08 +0300

Affected program: PhotoAlbum v 0.9.9 (previous ???)
Vulnerability: Problem located within the explorer.php script.

Any user is able to pass a directory as  request to the script, the
script will read the directory and output all files included in it and
has read access.
for instance:
http://www.phpphotoalbum.com/products/phpPhotoAlbum/explorer.php?folder=../../../../../../../etc/

will reveal all the files located in the specified directory.

Synnergy Networks
==============================
http://www.synnergy.net
Kostas Petrakis aka Pestilence
pestilence () synnergy net

Current thread:

PhotoAlbum 0.9.9 explorer.php Vulnerability pestilence (Sep 06)
- Re: PhotoAlbum 0.9.9 explorer.php Vulnerability ThE MaDj0kEr (Sep 07)