Zina 1.0rc3 Remote Directory Traversal Vulnerability & XSS Vulnerability
May 25 2008 04:25PM
irancrash gmail com
----------------------------------------------------------------

----------------------In The Name Of God------------------------

----------------------------------------------------------------

Script : Zina 1.0rc3

Type : Remote Directory Traversal Vulnerability & XSS Vulnerability

----------------------------------------------------------------

Discovered by : Dr.Crash Or Khashayar Fereidani

Our Team : IRCRASH

----------------------------------------------------------------

Our WebSite : Http://IRCRASH.COM

IRCRASH Bugtraq : Http://BUGTRAQ.IRCRASH.COM

----------------------------------------------------------------

IRCRASH Team Members : Dr.Crash Or Khashayar Fereidani - Hadi Kiamarsi - Malc0de - R3d.w0rm - Rasool Nasr

----------------------------------------------------------------

Script Download : http://mesh.dl.sourceforge.net/sourceforge/zina/zina-1.0rc3.tar.gz

----------------------------------------------------------------

Remote Directory Traversal Vulnerability :

http://Example/index.php?p=../

----------------------------------------------------------------

XSS Vulnerability :

Method : POST

Vulnerable Page : http://Example/index.php?l=4

Vulnerable Variable : search

----------------------------------------------------------------

Solutions :

Filter the ($p) variable with an (if) check .....

Filter the ($search) variable with the (htmlspecialchars) function

----------------------------------------------------------------

TNx : God ......

Khashayar Fereidani Email : irancrash[at]gmail[dot]com

----------------------------------------------------------------
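
The two fixes listed under Solutions, sketched in PHP as an added example (not part of the original advisory and not Zina's own code). `resolve_under_root()` and `h()` are hypothetical helper names, and the temporary media root and the `search` value are constructed sample input.

```php
<?php
// Added example, not Zina's code. Function names and the media-root layout are assumptions.

// Resolve user-supplied $p under $root; null if it escapes the root or does not exist.
function resolve_under_root(string $root, string $p): ?string
{
    if (strpos($p, "\0") !== false) {   // NUL bytes are never valid in a path
        return null;
    }
    $rootReal = realpath($root);
    if ($rootReal === false) {
        return null;
    }
    // realpath() collapses "../", "./" and symlinks; it returns false for a missing target.
    $target = realpath($rootReal . DIRECTORY_SEPARATOR . $p);
    if ($target === false) {
        return null;
    }
    // Accept the root itself or anything strictly below it.
    if ($target === $rootReal || strpos($target, $rootReal . DIRECTORY_SEPARATOR) === 0) {
        return $target;
    }
    return null;
}

// Escape a value for HTML text or a quoted attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input: a temporary media root holding one album directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'zina_demo_' . getmypid();
mkdir($root . DIRECTORY_SEPARATOR . 'album', 0700, true);

foreach (['album', '../', 'album/../../', '..%2f'] as $p) {
    printf("p=%-14s => %s\n", $p, resolve_under_root($root, $p) === null ? 'rejected' : 'allowed');
}

$search = '"><i>test</i>';  // constructed POST value containing a quote and markup
echo '<input name="search" value="' . h($search) . '">', "\n";

rmdir($root . DIRECTORY_SEPARATOR . 'album');
rmdir($root);
```

The prefix comparison includes the trailing directory separator so that a sibling directory whose name merely starts with the root's name is not accepted.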

Copyright 2010, SecurityFocus