Bugtraq mailing list archives

Re: PhotoAlbum 0.9.9 explorer.php Vulnerability


From: ThE MaDj0kEr <mad () J0KER NET>
Date: Thu, 7 Sep 2000 12:15:18 +0200

Affected program: PhotoAlbum v 0.9.9 (previous ???)

Previous version is affected too, but with another script. If you haven't
chrooted the web page directory, a user can read files as the user running the
webserver.

For versions older than 0.9.9...
http://www.siteaffected.com/phpPhotoAlbum/getalbum.php?album=../../../etc/
will show the /etc directory.

--------------------------------------------------------
ThE MaDj0kEr (KPK)
--------------------------------------------------------
mad () j0ker net           | http://www.j0ker.net
--------------------------------------------------------
READ.ME files are for cowards. Be brave: Execute.
--------------------------------------------------------
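
The traversal reported above works because the `album` value is joined to a directory without being confined to it. The following is an added example, not part of the original post and not PhotoAlbum's code: a containment check that canonicalizes the requested path and refuses anything outside the album root. The function name `resolve_album()` and the temporary directory layout are assumptions made for the demonstration.

```php
<?php
// Hypothetical hardened lookup for an "album" request parameter.
// resolve_album() is an illustrative name, not PhotoAlbum's own code.
function resolve_album(string $albumRoot, string $requested): ?string
{
    // Canonical form of the root; fail closed if the root is missing.
    $root = realpath($albumRoot);
    if ($root === false) {
        return null;
    }

    // Reject empty values, NUL bytes and absolute paths up front.
    if ($requested === '' || strpos($requested, "\0") !== false
        || $requested[0] === '/') {
        return null;
    }

    // realpath() collapses "..", "." and symlinks; false = no such path.
    $target = realpath($root . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_dir($target)) {
        return null;
    }

    // Containment: the target must be the root or lie below it. The
    // trailing separator stops "albums-private" matching "albums".
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target !== $root
        && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo tree: one album root and one sibling directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'albumdemo_' . getmypid();
mkdir($base . '/albums/holiday', 0700, true);
mkdir($base . '/albums-private', 0700, true);

// Constructed inputs, including the value from the report above.
$inputs = ['holiday', 'holiday/../holiday', '../../../etc/',
           '../albums-private', '/etc'];
foreach ($inputs as $in) {
    $out = resolve_album($base . '/albums', $in);
    printf("%-20s => %s\n", $in, $out === null ? 'REJECTED' : 'ok');
}
```

Only the first two inputs resolve; the chroot mentioned in the post remains a useful second layer because it limits what the webserver user can reach if a check like this is missing.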

