[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

# MHG Security Team --- OzzyWork Gallery Upload Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: # MHG Security Team --- OzzyWork Gallery Upload Vulnerabilities
From: Dj_ReMix_20@xxxxxxxxxxx
Date: 9 May 2006 11:37:55 -0000

# Milli-Harekat Advisory ( www.milli-harekat.org )

# OzzyWork Gallery Upload Vulnerabilities

# Risk : High

# Class: Remote

# Script : OzzyWork Gallery All Version

# Credits : Dj ReMix 

# Thanks : ßy Korsan , ESKOBAR , Poizonb0x , TR_IP


OzzyWork Gallery pictures upload page :
www.victim.com/[Ozzywork Path ]/add.asp

Vulnerable Code : 
onSubmit="checkFileUpload(this,'GIF,JPG,JPEG,BMP,PNG',true,'',150,100,640,480,'PIC_WIDTH','PIC_HEIGHT');return
 document.MM_returnValue

This Code Deleted and All file Type upload...

Prev by Date: IBM Websphere Application Server Multiple Vulnerabilities
Next by Date: [ GLSA 200605-11 ] Ruby: Denial of Service
Previous by thread: IBM Websphere Application Server Multiple Vulnerabilities
Next by thread: [ GLSA 200605-11 ] Ruby: Denial of Service
Index(es):
- Date
- Thread