GAMERFUN EXPLORER GF-3XPLORER Local File Include and Cross-Site Scripting Vulnerabilities

Attackers can exploit these issues via a browser. To exploit a cross-site scripting vulnerability, the attacker must entice an unsuspecting user to view a maliciously crafted URI.

The following proof-of-concept URIs are available:

For the local file-include issues:

http://www.example.com/updater.php?lang_sel=[LFI]%00
http://www.example.com/thumber.php?lang_sel=[LFI]%00


For the cross-site scripting issue:

http://www.example.com/index_3x.php?newdir=">[XSS]


 

Privacy Statement
Copyright 2010, SecurityFocus