lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 11 Feb 2009 16:27:22 -0700 From: XiaShing@...il.com To: bugtraq@...urityfocus.com Subject: Full Path Disclosure In Photolibrary 1.009(Update) There has been a change to the solution. !solution Change line 48 so that the include statement stops null input and incorrect input: if($page == NULL) echo("Get lost! Stop Trying to get path disclosure!"); else { if(!file_exists($page.'.css')) { echo("Get lost! Stop Trying to get path disclosure!"); } else { include($page.'.css'); } } The vendor has not yet been notified. ============================================================ !author Xia Shing Zee ============================================================