Bugtraq mailing list archives
Re: PhotoAlbum 0.9.9 explorer.php Vulnerability
From: ThE MaDj0kEr <mad () J0KER NET>
Date: Thu, 7 Sep 2000 12:15:18 +0200
Affected program: PhotoAlbum v 0.9.9 (previous ???)
Previous version affected too, but with another script.

If you haven't chrooted the web page directory, a user can read files as the user running the webserver.

For versions older than 0.9.9...

http://www.siteaffected.com/phpPhotoAlbum/getalbum.php?album=../../../etc/

will show the /etc directory.

--------------------------------------------------------
ThE MaDj0kEr (KPK)
--------------------------------------------------------
mad () j0ker net | http://www.j0ker.net
--------------------------------------------------------
READ.MEs are for cowards. Be brave: Execute.
--------------------------------------------------------
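A server-side containment check for the `album` parameter, which is the class of fix the getalbum.php behaviour described above calls for. This is an added example, not part of the original post and not PhotoAlbum's own code; `ALBUM_ROOT`, `resolve_album()` and the directory layout are assumptions made for illustration.

```php
<?php
// Added example (not PhotoAlbum code). ALBUM_ROOT and resolve_album() are hypothetical names.
const ALBUM_ROOT = '/var/www/photoalbum/albums'; // assumed location of the album directories

/**
 * Map a user-supplied album name to a directory below $root.
 * Returns the canonical path, or null when the request must be rejected.
 */
function resolve_album(string $album, string $root = ALBUM_ROOT): ?string
{
    // Reject empty input and NUL bytes outright.
    if ($album === '' || strpos($album, "\0") !== false) {
        return null;
    }
    // Allowlist: one or more segments of [A-Za-z0-9_-] separated by single slashes.
    // No dots at all, so "..", leading "/" and trailing "/" never pass.
    if (!preg_match('#^[A-Za-z0-9_-]+(/[A-Za-z0-9_-]+)*$#', $album)) {
        return null;
    }
    // Canonicalise both paths; realpath() resolves symlinks and fails on missing paths.
    $rootReal = realpath($root);
    $target   = realpath($root . '/' . $album);
    if ($rootReal === false || $target === false || !is_dir($target)) {
        return null;
    }
    // Containment check on the canonical form: the target must sit strictly below the root.
    // This also catches a symlink inside the album tree that points elsewhere.
    $prefix = $rootReal . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Demonstration against a constructed temporary album tree.
$root = sys_get_temp_dir() . '/albums_' . bin2hex(random_bytes(4));
mkdir($root . '/holiday', 0700, true);

// Constructed inputs: one valid album name and three traversal attempts,
// including the value from the URL in the message above.
foreach (['holiday', '../../../etc/', 'holiday/../../etc', '/etc'] as $album) {
    $path = resolve_album($album, $root);
    printf("%-20s => %s\n", $album, $path ?? 'REJECTED');
}

rmdir($root . '/holiday');
rmdir($root);
```

The chroot mentioned in the message limits what a traversal can reach; the check above stops the traversal at the script itself, and the two complement each other.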