Scry Gallery Directory Traversal & Full Path Disclosure Vulnerabilites

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Scry Gallery Directory Traversal & Full Path Disclosure Vulnerabilites
From: simo64@xxxxxxxxx
Date: 21 Apr 2006 18:54:08 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Software : Scry Gallery
WebSite  :http://scry.org/
discovred by :Moroccan Security Team

[+] Directory Traversal :

A remote attacker may employ directory traversal strings '../'  to access 
arbitrary files outside of the webroot directory. 
This flaw is due to an input validation error in the "index.php" script that 
does not properly validate the "p" field

Exemple:
http://localhost/scry/index.php?v=list&i=0&p=../../..

[+] Full Path Disclosure :

The issue is due to an input validation error when processing a non-existing 
directory passed to the "p" field, which could be exploited by attackers to 
determine the installation path.

Exemple:

http://localhost/scry/index.php?v=view&i=0&p=simo64

==> /var/www/scry-1.1/../photos/simo64 does not exist or is not readable by the 
webserver - please verify settings in setup.php

Simo64
Moroccan Security Team

contact: simo64[at]gmail[dot]com

Prev by Date: Re: Mini-NUKE v2.3<<--- SQL Injection
Next by Date: Rapid7 Advisory R7-0021: Symantec Scan Engine Authentication Fundamental Design Error
Previous by thread: RE: [BULK] - Websense Filter Bypass
Next by thread: Rapid7 Advisory R7-0021: Symantec Scan Engine Authentication Fundamental Design Error
Index(es):
- Date
- Thread