| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070614131507.5267.qmail@securityfocus.com> Date: 14 Jun 2007 13:15:07 -0000 From: hack2prison@...oo.com To: bugtraq@...urityfocus.com Subject: Singapore Gallery fullpath disclosure Reported by Freeprotect.NET member ------------------------------------------------ Singapore Gallery is open source code, it is nice and easy to use. It is provided by http://www.sgal.org However it contain an error: http://site.ext/index.php?gallery=./index.php Warning: opendir(/home/user/public_html/galleries/index.php/) [function.opendir]: failed to open dir: Not a directory in /home/user/public_html//includes/singapore.class.php on line 870 Warning: Invalid argument supplied for foreach() in /home/user/public_html/includes/io.class.php on line 129 ----------------------------------------------
Powered by blists - more mailing lists