Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: PhotoAlbum 0.9.9 explorer.php Vulnerability
From: ThE MaDj0kEr <mad () J0KER NET>
Date: Thu, 7 Sep 2000 12:15:18 +0200

Affected program: PhotoAlbum v 0.9.9 (previous ???)

Previous version affected too, but with another script. If you haven't
chrooted web page directory, user can read files as the user running the
webserver.

For older versions than 0.9.9...
http://www.siteaffected.com/phpPhotoAlbum/getalbum.php?album=../../../etc/
will show /etc directory.

--------------------------------------------------------
ThE MaDj0kEr (KPK)
--------------------------------------------------------
mad () j0ker net           | http://www.j0ker.net
--------------------------------------------------------
Los READ.ME son para los cobardes. Se valiente: Ejecuta.
--------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]