Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Singapore Gallery fullpath disclosure

From: hack2prison () yahoo com
Date: 14 Jun 2007 13:15:07 -0000
Reported by Freeprotect.NET member
------------------------------------------------
Singapore Gallery is open source code, it is nice and easy to use. It is provided by http://www.sgal.org
However it contain an error:
http://site.ext/index.php?gallery=./index.php

Warning: opendir(/home/user/public_html/galleries/index.php/) [function.opendir]: failed to open dir: Not a directory 
in /home/user/public_html//includes/singapore.class.php on line 870

Warning: Invalid argument supplied for foreach() in /home/user/public_html/includes/io.class.php on line 129
----------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: