[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Full Path Disclosure In Photolibrary 1.009(Update)
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Full Path Disclosure In Photolibrary 1.009(Update)
- From: XiaShing@xxxxxxxxx
- Date: Wed, 11 Feb 2009 16:27:22 -0700
There has been a change to the solution.
!solution
Change line 48 so that the include statement stops null input and incorrect
input:
if($page == NULL)
echo("Get lost! Stop Trying to get path disclosure!");
else
{
if(!file_exists($page.'.css'))
{
echo("Get lost! Stop Trying to get path disclosure!");
}
else
{
include($page.'.css');
}
}
The vendor has not yet been notified.
============================================================
!author
Xia Shing Zee
============================================================