iFoto index.php dir Variable Traversal Arbitrary Photo Access

ID OSVDB:38615
Type osvdb
Reporter Lostmon Lords(Lostmon@gmail.com)
Modified 2007-07-25T17:22:08


Vulnerability Description

iFoto contains a flaw that allows a remote attacker to view arbitrary pictures and directory listings outside of the web path. The issue is due to the 'index.php' script not properly sanitizing user input supplied via the 'dir' parameter: directory traversal sequences (../../), in plain or URL-encoded form, are joined onto the gallery path without being checked, so the resulting path can point anywhere the web server process can read.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victims]/ifoto/?dir=..%2F..%2F..%2F..%2F..%2F..%2Fetc
http://[victims]/ifoto/?dir=../../../../../../etc
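The following Python block is an added illustration of the pattern the Vulnerability Description and the Manual Testing Notes describe, not iFoto's own code (the advisory does not reproduce the 'index.php' source). It builds the target path the naive way the description implies, beside a hardened version that refuses anything resolving outside the gallery root, and runs both against the two probe values quoted above. GALLERY_ROOT and the function names are assumptions made for the example.

```python
"""Added illustration of the 'dir' traversal pattern: a naive path build
beside a hardened one.  Not iFoto's code; GALLERY_ROOT and the function
names are assumptions made for this example."""
import posixpath
from typing import Optional
from urllib.parse import unquote

# Assumed document root of the gallery (constructed for the example).
GALLERY_ROOT = "/var/www/ifoto/photos"

# The two payloads quoted in the Manual Testing Notes above.
PROBES = [
    "..%2F..%2F..%2F..%2F..%2F..%2Fetc",   # URL-encoded slashes
    "../../../../../../etc",               # plain form
]


def naive_target(root: str, dir_param: str) -> str:
    """Mimics the flaw described: the decoded 'dir' value is joined onto
    the root and normalised, but never checked against the root."""
    return posixpath.normpath(posixpath.join(root, unquote(dir_param)))


def safe_target(root: str, dir_param: str) -> Optional[str]:
    """Decode once, normalise, then require the result to stay inside root.
    Returns the resolved path, or None when the request must be refused."""
    decoded = unquote(dir_param)
    # A '%' left after one decode means double encoding (e.g. %252F);
    # NUL bytes and backslashes are never part of a legitimate subfolder.
    if any(ch in decoded for ch in ("%", "\x00", "\\")):
        return None
    root_norm = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root_norm, decoded))
    # posixpath.join discards root when 'decoded' is absolute, and
    # normpath collapses '..'; the prefix test catches both outcomes.
    if candidate != root_norm and not candidate.startswith(root_norm + "/"):
        return None
    return candidate


def escapes_root(root: str, dir_param: str) -> bool:
    """True when the naive build lands outside root, i.e. the probe works."""
    root_norm = posixpath.normpath(root)
    target = naive_target(root_norm, dir_param)
    return target != root_norm and not target.startswith(root_norm + "/")


if __name__ == "__main__":
    for probe in PROBES + ["2007/vacation", "/etc", "..%252F..%252Fetc"]:
        print(f"{probe!r:40} naive={naive_target(GALLERY_ROOT, probe)!r:30} "
              f"safe={safe_target(GALLERY_ROOT, probe)!r}")
```

Both probes resolve to /etc under the naive build (normpath drops the surplus '..' once the absolute path reaches '/'), while safe_target returns None for them, for an absolute 'dir', and for a double-encoded variant, and still accepts an ordinary subfolder name. A check of this kind is a workaround an operator could apply in front of the script; it is not a vendor fix.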


Vendor URL: http://ifoto.ireans.com/
Secunia Advisory ID: 26186
Other Advisory URL: http://lostmon.blogspot.com/2007/07/ifoto-traversal-folder-enumeration.html
CVE: CVE-2007-4092
Bugtraq ID: 25065