by r0t,der4444,cembo,VietMafia

Wednesday, November 30, 2005

phpAlbum Local file include vuln.

Vuln. discovered by: r0t
Date: 30 Nov. 2005
Affected version: v0.2.3 and prior

Product Description:
It is easy to install and run PHP Photo Album/Gallery script. No database required. Caching, password directory protection, Logs, Automatic thumbnails generation and caching ... new features coming soon, themes support and others ...

Vuln. Description:
phpAlbum is prone to a local file include vulnerability. This is due to a lack of proper sanitization of user-supplied input.
This may facilitate the unauthorized viewing of files and unauthorized execution of local PHP code.


Edit the source code to ensure that input is properly sanitised.
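
One way to apply this advice, shown as an added example that is not taken from phpAlbum's source or from the vendor's fix: resolve a user-supplied name through an allowlist, a strict character check and a canonical-path containment check before it ever reaches `include`. The function name `resolve_include`, the page names and the temporary directory are assumptions made for illustration; the advisory does not name the affected parameter or file.

```php
<?php
declare(strict_types=1);

// Hypothetical names throughout: this is not phpAlbum's code or its real parameter.

/** Map a user-supplied name to a file that is safe to include, or null. */
function resolve_include(string $baseDir, string $name, array $allowed): ?string
{
    // 1. Allowlist: only names the application itself defined are accepted.
    if (!in_array($name, $allowed, true)) {
        return null;
    }
    // 2. Defence in depth: strict character set, so no separators, dots or NUL bytes.
    if (preg_match('/\A[a-z0-9_]{1,32}\z/', $name) !== 1) {
        return null;
    }
    // 3. Containment: the canonical path must stay below the canonical base directory.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $path === false) {
        return null; // base directory or target file does not exist
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null; // e.g. a symlink that points outside the base directory
    }
    return $path;
}

// Constructed demo: a temporary directory stands in for the script's include folder.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfi_demo_' . getmypid();
@mkdir($dir);
$page = $dir . DIRECTORY_SEPARATOR . 'gallery.php';
file_put_contents($page, '<?php echo "gallery page\n";');

$allowed = ['gallery', 'upload'];   // 'upload' is allowed but has no file on disk
$inputs  = ['gallery', 'upload', '../../etc/passwd', "gallery\0.jpg", 'Gallery'];
foreach ($inputs as $in) {
    $file = resolve_include($dir, $in, $allowed);
    $shown = json_encode($in, JSON_UNESCAPED_SLASHES);
    printf("%-22s => %s\n", $shown, $file === null ? 'rejected' : 'include ' . basename($file));
    if ($file !== null) {
        include $file;              // only reached for a vetted, canonical path
    }
}
unlink($page);
rmdir($dir);
```

Only `gallery` is included; every other constructed input is rejected before any filesystem path is built from it or, for `upload`, because no such file exists.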


Anonymous Anonymous told...

vendor fixed the bugs - "- bugfix release
fixed multiple security vulnerabilities, reported here
unfortunately, i have received no email from poster, it was just a coincidence that i found this, not really professional, but nevertheless Thank You!"

4:17 AM

Anonymous r0t told...

you are welcome :) about professionality.. hehe... don't make such big mistakes when coding in future and nobody will report it :)

11:22 AM



Copyright (c) 2006 Pridels Sec Crew