Vulnerability
PhotoAlbum
Affected
PhotoAlbum 0.9.9 explorer.php
Description
Kostas Petrakis (aka Pestilence) found the following. Any user can pass a directory name as the folder request parameter; the script reads that directory and outputs every file in it that the webserver has read access to. For instance:
http://www.phpphotoalbum.com/products/phpPhotoAlbum/explorer.php?folder=../../../../../../../etc/
will reveal all the files located in the specified directory.
Previous versions are affected too, but through a different script. If the web document root is not chrooted, a user can read files as the user the webserver runs as. For versions older than 0.9.9,
http://www.siteaffected.com/phpPhotoAlbum/getalbum.php?album=../../../etc/
will show the contents of the /etc directory.
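The listing pattern described above, shown as an added illustration beside a contained version (this is not the project's explorer.php source, which is not on this page; the album root path, function names and parameter handling are assumptions):

```php
<?php
// Added example: a minimal directory-listing handler of the kind the advisory
// describes, and a hardened version. Not the real explorer.php source; the
// album root path and the helper names are assumptions.

$albumRoot = '/var/www/phpPhotoAlbum/albums'; // assumed base directory

// Vulnerable pattern: the user-supplied folder is concatenated onto the base
// path with no containment check, so "../../../../etc/" walks out of it.
function listFolderUnsafe(string $root, string $folder): array
{
    $files = scandir($root . '/' . $folder);
    return $files === false ? [] : $files;
}

// Hardened pattern: canonicalise both paths (resolving ".." and symlinks) and
// require that the requested directory resolve to the album root or below it.
function listFolderSafe(string $root, string $folder): ?array
{
    $rootReal = realpath($root);
    $target   = realpath($root . '/' . $folder);
    if ($rootReal === false || $target === false) {
        return null; // root missing, or requested path does not exist
    }
    // Compare against root plus separator so "/albums-private" is not
    // accepted as a prefix match for "/albums".
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target !== $rootReal && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null; // escaped the album root: reject and log the attempt
    }
    $files = scandir($target);
    return $files === false ? null : array_values(array_diff($files, ['.', '..']));
}

$folder  = $_GET['folder'] ?? '';
$entries = listFolderSafe($albumRoot, $folder);
if ($entries === null) {
    http_response_code(403);
    exit('invalid folder');
}
foreach ($entries as $name) {
    echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'), "\n";
}
```

Because realpath() resolves symlinks before the comparison, a link inside the album tree that points outside it is rejected as well; restricting PHP with open_basedir or running the webserver in a chroot, as the advisory suggests, adds a second layer independent of the script.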
Solution
Nothing yet.