Edit Report

Our sensors found this exploit at:

Below is a copy:

Software : Scry Gallery
WebSite  :
discovred by :Moroccan Security Team

[+] Directory Traversal :

A remote attacker may employ directory traversal strings '../'  to access arbitrary files outside of the webroot directory. 
This flaw is due to an input validation error in the "index.php" script that does not properly validate the "p" field


[+] Full Path Disclosure :

The issue is due to an input validation error when processing a non-existing directory passed to the "p" field, which could be exploited by attackers to determine the installation path.



==> /var/www/scry-1.1/../photos/simo64 does not exist or is not readable by the webserver - please verify settings in setup.php

Moroccan Security Team

contact: simo64[at]gmail[dot]com

Copyright ©2023 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.