AOH :: HP Unsorted F :: VA2596.HTM

Full Path Disclosure In Photolibrary 1.009(Update)



Full Path Disclosure In Photolibrary 1.009(Update)
Full Path Disclosure In Photolibrary 1.009(Update)



There has been a change to the solution.

!solution

Change line 48 so that the include statement stops null input and incorrect input:

if($page == NULL)
echo("Get lost! Stop Trying to get path disclosure!");
else
{
	if(!file_exists($page.'.css'))
	{
	echo("Get lost! Stop Trying to get path disclosure!");
	}
	else
	{
	include($page.'.css');
	}
=09
}

The vendor has not yet been notified.

===========================================================!author
Xia Shing Zee
===========================================================

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.