Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Scry Gallery Directory Traversal & Full Path Disclosure Vulnerabilites

from [simo64] Network Security [Permanent Link]
Subject: Scry Gallery Directory Traversal & Full Path Disclosure Vulnerabilites
Date: 21 Apr 2006 18:54:08 -0000 
Software : Scry Gallery
WebSite  :http://scry.org/
discovred by :Moroccan Security Team

[+] Directory Traversal :

A remote attacker may employ directory traversal strings '../'  to access 
arbitrary files outside of the webroot directory. 
This flaw is due to an input validation error in the "index.php" script that 
does not properly validate the "p" field

Exemple:
http://localhost/scry/index.php?v=list&i=0&p=../../..

[+] Full Path Disclosure :

The issue is due to an input validation error when processing a non-existing 
directory passed to the "p" field, which could be exploited by attackers to 
determine the installation path.

Exemple:

http://localhost/scry/index.php?v=view&i=0&p=simo64

==> /var/www/scry-1.1/../photos/simo64 does not exist or is not readable by the 
webserver - please verify settings in setup.php

Simo64
Moroccan Security Team

contact: simo64[at]gmail[dot]com
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Scry Gallery Directory Traversal & Full Path Disclosure Vulnerabilites, simo64 <=
Previous by Date:  Re: Mini-NUKE v2.3<<--- SQL Injection, nukedx
Next by Date:  Rapid7 Advisory R7-0022: Symantec Scan Engine Known Immutable DSA Private Key, advisory
Previous by Thread:  RE: [BULK] - Websense Filter Bypass, Hubbard, Dan
Next by Thread:  Rapid7 Advisory R7-0022: Symantec Scan Engine Known Immutable DSA Private Key, advisory
Indexes:  [Date] [Thread] [Top] [All Lists]