[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Singapore Gallery fullpath disclosure

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Singapore Gallery fullpath disclosure
From: hack2prison@xxxxxxxxx
Date: 14 Jun 2007 13:15:07 -0000

Reported by Freeprotect.NET member
------------------------------------------------
Singapore Gallery is open source code, it is nice and easy to use. It is 
provided by http://www.sgal.org
However it contain an error:
http://site.ext/index.php?gallery=./index.php

Warning: opendir(/home/user/public_html/galleries/index.php/) 
[function.opendir]: failed to open dir: Not a directory in 
/home/user/public_html//includes/singapore.class.php on line 870

Warning: Invalid argument supplied for foreach() in 
/home/user/public_html/includes/io.class.php on line 129
----------------------------------------------

Prev by Date: [ MDKSA-2007:123 ] - Updated libwmf packages fix vulnerability
Next by Date: [ MDKSA-2007:122 ] - Updated gd packages fix vulnerability
Previous by thread: [ MDKSA-2007:123 ] - Updated libwmf packages fix vulnerability
Next by thread: [ MDKSA-2007:122 ] - Updated gd packages fix vulnerability
Index(es):
- Date
- Thread