Affected program: PhotoAlbum v 0.9.9 (previous ???) Vulnerability: Problem located within the explorer.php script. Any user is able to pass a directory as request to the script, the script will read the directory and output all files included in it and has read access. for instance: http://www.phpphotoalbum.com/products/phpPhotoAlbum/explorer.php?folder=../../../../../../../etc/ will reveal all the files located in the specified directory. Synnergy Networks ============================== http://www.synnergy.net Kostas Petrakis aka Pestilence [EMAIL PROTECTED] -------------------------------------------------------------------------- Utk berhenti langganan, kirim email ke [EMAIL PROTECTED] Informasi arsip di http://www.linux.or.id/milis.php3 Pengelola dapat dihubungi lewat [EMAIL PROTECTED]
