5564210 2000-10-08  21:21  /58 rader/ Brevbäraren (som är implementerad i) Python
Mottagare: Bugtraq (import) <13150>
Kommentar till text 5564209 av Brevbäraren (som är implementerad i) Python
Ärende: Bilaga (SLA-15-PHPix.txt) till: PHPix advisory
------------------------------------------------------------
        Synnergy Laboratories Advisory SLA-2000-15

NAME

       PHPix 1.0.X directory traversal vulnerability

AFFECTED

	Linux/UNIX with PHPix 1.0.0/1.0.1/1.0.2

SYNOPSIS

 Synnergy Labs has found a flaw within PHPix that allows a user to
 successfully traverse the filesystem on a remote host, allowing
 arbitary files/folders to be read.


DESCRIPTION

 PHPix is a Web-based photo album viewer written in PHP. It features
 automatic generation of thumbnails and different resolution files
 for viewing on the fly.  PHPix Photo Album is available from
 http://phpix.org

 Synnergy has recently discovered a flaw within PHPix that allow a
 remote user to traverse a directory as a request to the script using
 the $mode=album&album=_some_dir_variable. It is then possible to
 read any file or folder's contents with priviledges as the httpd.

 Example:

 http://target.com/Album/?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0

 The above line if given will output all the directories that are
 nested within /etc directory. Other more sinister content can be
 revealed from there.


SOLUTION

  The vendors have been informed of the bug. It is advised to wait
  for the next patched version of PHPix to be reelased.


AUTHOR

        Discovery: pestilence @ synnergy.net


DISCLAIMER

        Synnergy Laboratories may not be held liable for the use or
        potential effects of these programs or advisories, nor the
        content contained within. Use them at your own risk.

COPYRIGHT

        Synnergy Laboratories -  www.synnergy.net (c) 1998-2000
(5564210) ------------------------------------------(Ombruten)