Home page logo
/

bugtraq logo Bugtraq mailing list archives

PhotoAlbum 0.9.9 explorer.php Vulnerability
From: pestilence <pestilence () SYNNERGY GR insecure org>
Date: Thu, 7 Sep 2000 02:38:08 +0300

Affected program: PhotoAlbum v 0.9.9 (previous ???)
Vulnerability: Problem located within the explorer.php script.

Any user is able to pass a directory as  request to the script, the
script will read the directory and output all files included in it and
has read access.
for instance:
http://www.phpphotoalbum.com/products/phpPhotoAlbum/explorer.php?folder=../../../../../../../etc/

will reveal all the files located in the specified directory.

Synnergy Networks
==============================
http://www.synnergy.net
Kostas Petrakis aka Pestilence
pestilence () synnergy net


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault