Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
BugTraq
Back to list
|
Post reply
@lex Guestbook 4.0.1 : Full Path Disclosure & XSS
Nov 30 2006 06:45PM
mr_kaliman msn com
@lex Guestbook 4.0.1
--------------------
Vendor site: http://www.alexphpteam.com/
Product: @lex Guestbook 4.0.1
Vulnerability: Full Path Disclosure & XSS
Credits: Mr_KaLiMaN
Reported to Vendor: 24.11.06
Public disclosure: 30.11.06
Description:
------------
Full Path Disclosure:
http://[victim]/[guestbook_path]/index.php?skin=[non-existent_skin]
XSS:
http://[victim]/[guestbook_path]/index.php?skin=[XSS]
[ reply ]
Privacy Statement
Copyright 2009, SecurityFocus
--------------------
Vendor site: http://www.alexphpteam.com/
Product: @lex Guestbook 4.0.1
Vulnerability: Full Path Disclosure & XSS
Credits: Mr_KaLiMaN
Reported to Vendor: 24.11.06
Public disclosure: 30.11.06
Description:
------------
Full Path Disclosure:
http://[victim]/[guestbook_path]/index.php?skin=[non-existent_skin]
XSS:
http://[victim]/[guestbook_path]/index.php?skin=[XSS]
[ reply ]