BID:1650

Nathan Purciful phpPhotoAlbum Directory Traversal Vulnerability

Info

Nathan Purciful phpPhotoAlbum Directory Traversal Vulnerability

Bugtraq ID:	1650
Class:	Access Validation Error
CVE:	CVE-2000-0872
Remote:	Yes
Local:	Yes
Published:	Sep 07 2000 12:00AM
Updated:	Jul 11 2009 02:56AM
Credit:	Discovered and posted to Bugtraq by pestilence <[email protected]> on Sep 7, 2000.
Vulnerable:	Nathan Purciful phpPhotoAlbum 0.9.9 - Linux kernel 2.3 - Microsoft Windows 2000 Professional - Microsoft Windows NT 4.0

Not Vulnerable:

Discussion

Nathan Purciful phpPhotoAlbum Directory Traversal Vulnerability

The explorer.php script within phpPhotoAlbum 0.9.9 and possibly previous versions are vulnerable to directory traversal. By requesting a URL composed of explorer.php and the ../ string in the value of the "folder" variable it is possible for a remote user to and gain read access to any file or browse any directory for which the webserver has read access.

Exploit / POC

Nathan Purciful phpPhotoAlbum Directory Traversal Vulnerability

Example:
http://target/phpPhotoAlbum/explorer.php?folder=../../../../

Solution / Fix

Nathan Purciful phpPhotoAlbum Directory Traversal Vulnerability

Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

References

Nathan Purciful phpPhotoAlbum Directory Traversal Vulnerability

References:

phpPhotoAlbum Product Homepage (Nathan Purciful)