BugTraq
Singapore Gallery fullpath disclosure Jun 14 2007 01:15PM
hack2prison yahoo com
Reported by Freeprotect.NET member
------------------------------------------------
Singapore Gallery is open source code, it is nice and easy to use. It is provided by http://www.sgal.org
However it contain an error:
http://site.ext/index.php?gallery=./index.php

Warning: opendir(/home/user/public_html/galleries/index.php/) [function.opendir]: failed to open dir: Not a directory in /home/user/public_html//includes/singapore.class.php on line 870

Warning: Invalid argument supplied for foreach() in /home/user/public_html/includes/io.class.php on line 129
----------------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus