[16634] in bugtraq


Re: PhotoAlbum 0.9.9 explorer.php Vulnerability

daemon@ATHENA.MIT.EDU (ThE MaDj0kEr)
Thu Sep 7 12:42:39 2000

Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-7"
Content-Transfer-Encoding: 7bit
Message-Id:  <NEBBKGDAOKLFPPPCFNAPMEPJCAAA.mad@j0ker.net>
Date:         Thu, 7 Sep 2000 12:15:18 +0200
Reply-To: ThE MaDj0kEr <mad@J0KER.NET>
From: ThE MaDj0kEr <mad@J0KER.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <39B6D560.C7ABA710@synnergy.gr>

> Affected program: PhotoAlbum v 0.9.9 (previous ???)

Previous versions are affected too, but with another script. If you haven't
chrooted the web page directory, a user can read files as the user running the
webserver.

For versions older than 0.9.9...
http://www.siteaffected.com/phpPhotoAlbum/getalbum.php?album=../../../etc/
will show the /etc directory.

--------------------------------------------------------
ThE MaDj0kEr (KPK)
--------------------------------------------------------
mad@j0ker.net           | http://www.j0ker.net
--------------------------------------------------------
READ.ME files are for cowards. Be brave: Execute.
--------------------------------------------------------
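
The fix for the behaviour reported above is to canonicalise the requested album path and confirm it still lies inside the album root before listing it. The following is an added example, not part of the original post and not PhotoAlbum's code; resolve_album(), the single album root and the demo directory names are assumptions made for illustration.

```php
<?php
// Added example: hypothetical album resolver, not PhotoAlbum's own code.
// Assumption: every album is a subdirectory of one base directory.

function resolve_album(string $baseDir, string $album): ?string
{
    // Canonical form of the album root; false if it does not exist.
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }

    // Empty names and embedded NUL bytes are never valid album names.
    if ($album === '' || strpos($album, "\0") !== false) {
        return null;
    }

    // realpath() collapses "..", "." and symlinks, so the comparison
    // below is made on the path the filesystem would actually open.
    $target = realpath($base . DIRECTORY_SEPARATOR . $album);
    if ($target === false || !is_dir($target)) {
        return null;
    }

    // Containment check: the target must sit strictly below the root.
    // The trailing separator stops "/albums_evil" matching "/albums".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo: a temporary album root with one album in it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'albums_demo_' . getmypid();
mkdir($root . DIRECTORY_SEPARATOR . 'holiday', 0700, true);

// Constructed inputs: one valid name, the value from the report,
// a traversal hidden behind a valid prefix, and a NUL-byte name.
foreach (['holiday', '../../../etc/', 'holiday/../..', "holiday\0x"] as $album) {
    $resolved = resolve_album($root, $album);
    printf("%-20s => %s\n", json_encode($album), $resolved ?? 'rejected');
}

// Clean up the demo directories.
rmdir($root . DIRECTORY_SEPARATOR . 'holiday');
rmdir($root);
```

Only the first input resolves to a directory; the other three are rejected because they either leave the album root or contain a NUL byte.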
