5 matches found
phpix 1.0 - Directory Traversal vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1773/info PHPix is a web-based photo-album system written in PHP. It is vulnerable to an attack that allows a malicious remote user to view arbitrary files on the target webserver with the privileges of the webserver. The...
PHPix 2.0.3 - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/9458/info It has been reported that PHPix is vulnerable to a remote command execution vulnerability due to poor handling of externally supplied data such as shell metacharacters. This issue may allow unauthorized access to the affected system with the...
PHPix album Parameter Encoded Traversal Arbitrary File/Directory Access
The PHPix program allows an attacker to read arbitrary files on the remote web server by prefixing the pathname of the file with ..%2F..%2F.. For example: GET /Album/?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0 will return all the files that are nested within...
Hole in PHPix
Directory traversal allows access to arbitrary files, for example http://target.com/Album/?mode=album&album=..2F..2F..2F..2F..2F..2F..2F..2Fetc&dispsize=640&start=0...
phpix 1.0 - Directory Traversal
phpix 1.0 - Directory Traversal source: https://www.securityfocus.com/bid/1773/info PHPix is a web-based photo-album system written in PHP. It is vulnerable to an attack that allows a malicious remote user to view arbitrary files on the target webserver with the privileges of the webserver. The...