https://www.exploit-db.com/exploits/20278
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200012-164

PHPixPhotoAlbum1.0.2以及之前版本存在目录遍历漏洞。远程攻击者借助..（点点）攻击读取任意文件。

source: http://www.securityfocus.com/bid/1773/info

PHPix is a web-based photo-album system written in PHP. It is vulnerable to an attack that allows a malicious remote user to view arbitrary files on the target webserver with the privileges of the webserver. The problem is that "../" character sequences can be supplied by the user in an http variable that is used to reference a file on the webservers filesystem. As a result, the attacker can construct a path relative to the current working directory of the webserver using ".."'s and then the target filename/path to read any readable (to the uid of the httpd process) file on the filesystem. The information gained may make it easier to compromise the system in other ways.

Example:

http://target.com/Album/?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0

The above line if given will output all the directories that are nested within /etc
directory. Other more sinister content can be revealed from there.

来源:XF
名称:phpix-dir-traversal
链接:http://xforce.iss.net/static/5331.php
来源:BID
名称:1773
链接:http://www.securityfocus.com/bid/1773
来源:OSVDB
名称:472
链接:http://www.osvdb.org/472
来源:BUGTRAQ
名称:20001007PHPixadvisory
链接:http://archives.neohapsis.com/archives/bugtraq/2000-10/0117.html