Bugtraq mailing list archives

Full Path Disclosure In Photolibrary 1.009 (Update)


From: XiaShing () gmail com
Date: Wed, 11 Feb 2009 16:27:22 -0700

There has been a change to the solution.

!solution

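Change line 48 so that null input and incorrect input are rejected before they reach the include statement:

// Reject empty input before it can reach include().
if ($page == NULL) {
    echo("Get lost! Stop Trying to get path disclosure!");
} else {
    // Only include the stylesheet if it exists, so that a failed
    // include() cannot emit a warning containing the full path.
    if (!file_exists($page.'.css')) {
        echo("Get lost! Stop Trying to get path disclosure!");
    } else {
        include($page.'.css');
    }
}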

The vendor has not yet been notified.

============================================================
!author
Xia Shing Zee
============================================================
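
The file_exists() check in the message above still passes any caller-supplied value that names an existing .css file to include(). A stricter variant of the same fix follows, as an added example that is not part of the original post or of Photolibrary's code. Assumptions: $page arrives as $_GET['page'], the stylesheets live in a "styles" directory beside the script, and the allowlisted names are hypothetical.

```php
<?php
// Added example: names and paths below are assumptions, not Photolibrary's own.
// Hypothetical allowlist of the stylesheet names the application ships.
const ALLOWED_PAGES = ['default', 'dark', 'print'];

/**
 * Return the absolute path of the stylesheet for $page, or null if the
 * request is empty, malformed, not allowlisted, or the file is missing.
 */
function resolve_stylesheet($page, string $baseDir): ?string
{
    // Reject null, arrays (page[]=x) and anything that is not a short
    // alphanumeric token; this excludes slashes, dots and NUL bytes.
    if (!is_string($page) || !preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $page)) {
        return null;
    }
    if (!in_array($page, ALLOWED_PAGES, true)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $page . '.css');
    // realpath() returns false for missing files; also confirm the
    // resolved file really sits inside the stylesheet directory.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Keep PHP warnings, which carry the full path, out of the response
// and send them to the server log instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

$cssPath = resolve_stylesheet($_GET['page'] ?? null, __DIR__ . '/styles');
if ($cssPath === null) {
    http_response_code(404);
    echo 'Not found';
} else {
    header('Content-Type: text/css');
    // readfile() emits the file without executing it; the original
    // code uses include(), which would run any PHP inside the file.
    readfile($cssPath);
}
```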

