Directory Transversing

I don't know whether this is a bug or not, but I feel that it is a security hole and must be patched. I installed phpAlbum v0.4.1 on my server. BTW, my server runs Apache 2.2 and FileZilla FTP Server. Once I got everything installed, I logged in as admin and went into the Photo Administration Page. Out of curiosity I typed in "../../../../../" into the Act-Dir, and to my surprise, it took me right to my "C" drive (yes I'm running a Windows server, so shoot me). I read in a forum somewhere that directory transversing is done when the FTP server is not set properly. I'm currently reviewing my FTP server settings, but perhaps phpAlbum's developers can do something on the coding side as well.

Thanks for this great photo management thingi. Saved me lots of time from coding it myself from scratch. Regards,

Zulfa Juniadi b Zulkifli
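
A containment check of the kind the post asks for "on the coding side", as an added example that is not part of the original post and is not phpAlbum's code. The function name, the directory layout and the sample Act-Dir values are constructed for illustration.

```php
<?php
// Added example (hypothetical names): canonicalize a user-supplied
// directory and accept it only if it stays inside the album root.

function resolve_album_dir(string $albumRoot, string $requested): ?string
{
    // NUL bytes have no place in a path; reject them before touching the disk.
    if (strpos($requested, "\0") !== false) {
        return null;
    }

    $root = realpath($albumRoot);
    if ($root === false || !is_dir($root)) {
        return null;
    }

    // realpath() collapses "..", "." and symlinks, and returns false
    // when the resulting path does not exist.
    $target = realpath($root . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_dir($target)) {
        return null;
    }

    // Compare with a trailing separator so that a sibling such as
    // "photos-private" is not mistaken for a child of "photos".
    $rootPrefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $inside = strncmp($target . DIRECTORY_SEPARATOR, $rootPrefix, strlen($rootPrefix)) === 0;

    return ($target === $root || $inside) ? $target : null;
}

// Constructed demo tree: <tmp>/photos/holiday plus a sibling outside the root.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'album_demo_' . uniqid();
mkdir($base . '/photos/holiday', 0700, true);
mkdir($base . '/photos-private', 0700, true);

// Constructed Act-Dir values, including the one from the post.
$samples = ['holiday', '', '../../../../../', 'holiday/../../photos-private', '..\\..\\'];
foreach ($samples as $actDir) {
    $resolved = resolve_album_dir($base . '/photos', $actDir);
    printf("%-34s => %s\n", var_export($actDir, true), $resolved === null ? 'REJECTED' : 'ok');
}
```

Only `'holiday'` and the empty string (the root itself) are accepted; every value that resolves outside the root, or to a path that does not exist, is rejected.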

