6 lines
No EOL
485 B
Text
6 lines
No EOL
485 B
Text
source: http://www.securityfocus.com/bid/1650/info
|
|
|
|
The explorer.php script within phpPhotoAlbum 0.9.9 and possibly previous versions are vulnerable to directory traversal. By requesting a URL composed of explorer.php and the ../ string in the value of the "folder" variable it is possible for a remote user to and gain read access to any file or browse any directory for which the webserver has read access.
|
|
|
|
Example:
|
|
http://target/phpPhotoAlbum/explorer.php?folder=../../../../ |