![[LWN Logo]](/images/lcorner.png) |
|
![[Timeline]](/images/Included.png) |
Date: Sat, 7 Oct 2000 11:46:18 +0300
From: pestilence <pestilence@SYNNERGY.NET>
Subject: PHPix advisory
To: BUGTRAQ@SECURITYFOCUS.COM
This is a multi-part message in MIME format.
--------------0C0EF80720BB29A7F5E189A9
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Please find attacged PHPix advisory.
--------------0C0EF80720BB29A7F5E189A9
Content-Type: text/plain; charset=us-ascii;
name="SLA-15-PHPix.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="SLA-15-PHPix.txt"
Synnergy Laboratories Advisory SLA-2000-15
NAME
PHPix 1.0.X directory traversal vulnerability
AFFECTED
Linux/UNIX with PHPix 1.0.0/1.0.1/1.0.2
SYNOPSIS
Synnergy Labs has found a flaw within PHPix that allows a user to successfully
traverse the filesystem on a remote host, allowing arbitary files/folders to be
read.
DESCRIPTION
PHPix is a Web-based photo album viewer written in PHP. It features automatic
generation of thumbnails and different resolution files for viewing on the fly.
PHPix Photo Album is available from http://phpix.org
Synnergy has recently discovered a flaw within PHPix that allow a remote user to
traverse a directory as a request to the script using the
$mode=album&album=_some_dir_variable. It is then possible to read any file
or folder's contents with priviledges as the httpd.
Example:
http://target.com/Album/?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0
The above line if given will output all the directories that are nested within /etc
directory. Other more sinister content can be revealed from there.
SOLUTION
The vendors have been informed of the bug. It is advised to wait for the next patched
version of PHPix to be reelased.
AUTHOR
Discovery: pestilence @ synnergy.net
DISCLAIMER
Synnergy Laboratories may not be held liable for the use or potential
effects of these programs or advisories, nor the content contained
within. Use them at your own risk.
COPYRIGHT
Synnergy Laboratories - www.synnergy.net (c) 1998-2000
--------------0C0EF80720BB29A7F5E189A9--