Bugtraq mailing list archives
Full Path Disclosure In Photolibrary 1.009(Update)
From: XiaShing () gmail com
Date: Wed, 11 Feb 2009 16:27:22 -0700
There has been a change to the solution. !solution Change line 48 so that the include statement stops null input and incorrect input: if($page == NULL) echo("Get lost! Stop Trying to get path disclosure!"); else { if(!file_exists($page.'.css')) { echo("Get lost! Stop Trying to get path disclosure!"); } else { include($page.'.css'); } } The vendor has not yet been notified. ============================================================ !author Xia Shing Zee ============================================================
Current thread:
- Full Path Disclosure In Photolibrary 1.009(Update) XiaShing (Feb 12)